Denial of Service Vulnerability in Artifex MuPDF 1.14.0 via Crafted SVG File

Denial of Service Vulnerability in Artifex MuPDF 1.14.0 via Crafted SVG File

CVE-2018-19881 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.

Learn more about our Web Application Penetration Testing UK.