CVE-2025-46206
published 2025-08-04CVE-2025-46206: An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | <= 1.25.6 | — |
| artifex | mupdf | >= 0 < 1.25.1+ds1-7 | 1.25.1+ds1-7 |
| artifex | mupdf | >= 0 < 1.12.0+ds1-1ubuntu0.1~esm2 | 1.12.0+ds1-1ubuntu0.1~esm2 |
| artifex | mupdf | >= 0 < 1.16.1+ds1-1ubuntu1+esm2 | 1.16.1+ds1-1ubuntu1+esm2 |
| artifex | mupdf | >= 0 < 1.19.0+ds1-2ubuntu0.1~esm1 | 1.19.0+ds1-2ubuntu0.1~esm1 |
| artifex | mupdf | >= 0 < 1.23.10+ds1-1ubuntu0.1~esm1 | 1.23.10+ds1-1ubuntu0.1~esm1 |
| debian | mupdf | < mupdf 1.25.1+ds1-7 (forky) | mupdf 1.25.1+ds1-7 (forky) |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv7.5HIGH