Skip to content

mupdf: CVE-2025-46206 #12021

New issue
New issue
Open
Open
mupdf: CVE-2025-46206#12021
Labels
securityTopic/issue involves a security issue/fixed
@UTsweetyfish

Description

@UTsweetyfish
UTsweetyfish
opened on Aug 7, 2025

Affected package (and version)

mupdf 1:1.24.10-1

CVE ID(s)

CVE-2025-46206

Severity

Moderate

Other security advisory ID(s)

https://bugs.ghostscript.com/show_bug.cgi?id=708521
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac
https://github.com/Landw-hub/CVE-2025-46206

Description/References

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the strip_outline() function enters infinite recursion

Patch(es)/Solution(s)

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac

Metadata

Metadata

Assignees

No one assigned

    Labels

    securityTopic/issue involves a security issue/fixed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions