CVE-2018-5686

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:mupdf:1.12.0:-:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

12 Sep 2024, 17:15

Type Values Removed Values Added
References
  • () https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=b70eb93f6936c03d8af52040bbca4d4a7db39079 -

Information

Published : 2018-01-14 02:29

Updated : 2024-09-12 17:15


NVD link : CVE-2018-5686

Mitre link : CVE-2018-5686

CVE.ORG link : CVE-2018-5686


JSON object : View

Products Affected

debian

  • debian_linux

artifex

  • mupdf
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')