CVE-2018-19881

Published: Dec 6, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugs.ghostscript.com/show_bug.cgi?id=700442

https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203

FEDORA-2019-befe3bd225

vendor-advisory

FEDORA-2019-15af6a9a07

vendor-advisory

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-19881

Description

Affected Products

References