CVE-2018-5686 — Infinite Loop in Mupdf

CWE-835 — Infinite Loop7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 67.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mupdf Debian Linux

Timeline

PublishedJan 14

Latest updateMay 13

Description

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/mupdf< 1.13.0+ds1-1+3

▶NVDartifex/mupdf1.12.0

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-6j78-9283-gj3w: In MuPDF 1↗2022-05-13

▶

OSV

CVE-2018-5686: In MuPDF 1↗2018-01-14

▶

CVEList

CVE-2018-5686: In MuPDF 1↗2018-01-14

▶

📋Vendor Advisories

Debian

CVE-2018-5686: mupdf - In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in...↗2018

▶

💬Community

Bugzilla

CVE-2018-5686 mupdf: Infinite loop in pdf_parse_array function in pdf/pdf-parse.c [fedora-all]↗2018-01-29

▶

Bugzilla

CVE-2018-5686 mupdf: Infinite loop in pdf_parse_array function in pdf/pdf-parse.c↗2018-01-29

▶