CVE-2018-19881 — Uncontrolled Resource Consumption in Mupdf

CWE-400 — Uncontrolled Resource Consumption7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 37.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf

Timeline

PublishedDec 6

Latest updateMay 14

Description

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/mupdf< 1.15.0+ds1-1+3

▶NVDartifex/mupdf1.14.0

🔴Vulnerability Details

GHSA

GHSA-9v5c-3867-7h2w: In Artifex MuPDF 1↗2022-05-14

▶

CVEList

CVE-2018-19881: In Artifex MuPDF 1↗2018-12-06

▶

OSV

CVE-2018-19881: In Artifex MuPDF 1↗2018-12-06

▶

📋Vendor Advisories

Debian

CVE-2018-19881: mupdf - In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial...↗2018

▶

💬Community

Bugzilla

CVE-2018-19881 CVE-2018-19882 mupdf: various flaws [fedora-all]↗2018-12-06

▶

Bugzilla

CVE-2018-19881 mupdf: Excessive stack consumption in fitz/xml.c fz_xml_att resulting in a denial of service↗2018-12-06

▶