Denial of Service in Artifex MuPDF Versions Affected
CVE-2025-46206

6.5MEDIUM

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 4 August 2025

What is CVE-2025-46206?

A vulnerability exists in Artifex MuPDF versions 1.25.6 and 1.25.5 that permits a remote attacker to induce a denial of service condition. This flaw arises from the 'mutool clean' utility, which fails to properly handle crafted PDF files containing cyclic /Next references. When the 'strip_outline()' function processes these malicious files, it enters an infinite recursion loop, which may lead to excessive resource consumption and potential service disruption.

References

http://artifex.com

http://mupdf.com

https://github.com/Landw-hub/CVE-2025-46206

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2025
Vulnerability Reserved
Apr 22, 2025

JSON