CVE-2018-10289 — Infinite Loop in Mupdf

CWE-835 — Infinite Loop9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 69.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf Debian Linux

Timeline

PublishedApr 22

Latest updateOct 16

Description

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianartifex/mupdf< 1.13.0+ds1-3+3

▶Ubuntuartifex/mupdf< 1.7a-1ubuntu0.1~esm1+2

▶NVDartifex/mupdf1.13.0

Also affects: Debian Linux 9.0

🔴Vulnerability Details

OSV

mupdf vulnerabilities↗2025-10-16

▶

GHSA

GHSA-q684-cg7v-qp6c: In MuPDF 1↗2022-05-13

▶

OSV

CVE-2018-10289: In MuPDF 1↗2018-04-22

▶

CVEList

CVE-2018-10289: In MuPDF 1↗2018-04-22

▶

📋Vendor Advisories

Ubuntu

MuPDF vulnerabilities↗2025-10-16

▶

Debian

CVE-2018-10289: mupdf - In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the ...↗2018

▶

💬Community

Bugzilla

CVE-2018-10289 mupdf: Infinite lop in pdf/pdf-xref.c:fz_skip_space() allows for denial of service via crafted PDF [fedora-all]↗2018-04-30

▶

Bugzilla

CVE-2018-10289 mupdf: Infinite lop in pdf/pdf-xref.c:fz_skip_space() allows for denial of service via crafted PDF↗2018-04-30

▶