Infinite Loop Issue in MuPDF by Artifex
CVE-2018-19777

5.5MEDIUM

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 30 November 2018

What is CVE-2018-19777?

In version 1.14.0 of MuPDF by Artifex, a vulnerability exists within the svg_dev_end_tile function in the file fitz/svg-device.c. This flaw leads to an infinite loop that can be triggered by the mutool command, potentially degrading software performance and impacting system stability. Users are encouraged to review patches and updates provided by the vendor to mitigate this issue.

References

https://bugs.ghostscript.com/show_bug.cgi?id=700301

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

http://www.ghostscript.com/cgi-bin/findgit.cgi?754ac68f11...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2018
Vulnerability Reserved
Nov 29, 2018