Infinite Loop Issue in MuPDF by Artifex
CVE-2018-19777

5.5MEDIUM

Key Information:

Vendor

Artifex

Status
Vendor
CVE Published:
30 November 2018

What is CVE-2018-19777?

In version 1.14.0 of MuPDF by Artifex, a vulnerability exists within the svg_dev_end_tile function in the file fitz/svg-device.c. This flaw leads to an infinite loop that can be triggered by the mutool command, potentially degrading software performance and impacting system stability. Users are encouraged to review patches and updates provided by the vendor to mitigate this issue.

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.