Infinite Recursion Vulnerability in Artifex MuPDF Product
CVE-2019-6131

5.5MEDIUM

Key Information:

Vendor
Artifex
Status
MuPDF
Vendor
CVE Published:
11 January 2019

Summary

The MuPDF product by Artifex Software contains a vulnerability in the svg-run.c file, specifically in the functions svg_run_use_symbol, svg_run_element, and svg_run_use. This vulnerability allows for infinite recursion, which can lead to excessive stack consumption and potential application crashes. Users of affected versions should consider analyzing their implementation for risks associated with processing SVG files.

References

https://bugs.ghostscript.com/show_bug.cgi?id=700442
http://www.securityfocus.com/bid/106558
vdb-entry
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.