CVE-2025-46206

Name
CVE-2025-46206
Description
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org http://artifex.com
cve@mitre.org http://mupdf.com
cve@mitre.org https://bugs.ghostscript.com/show_bug.cgi?id=708521
cve@mitre.org https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac
cve@mitre.org https://github.com/Landw-hub/CVE-2025-46206

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* mupdf >= None <= 1.25.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
mupdf edge-community 1.25.6-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.6-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.6-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.3-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.2-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.2-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.25.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.24.10-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf edge-community 1.18.0-r2 Daniel Sabogal <dsabogalcc@gmail.com> possibly vulnerable
mupdf edge-community 1.18.0-r1 Daniel Sabogal <dsabogalcc@gmail.com> possibly vulnerable
mupdf edge-community 1.17.0-r3 None possibly vulnerable
mupdf edge-community 1.13-r0 None possibly vulnerable
mupdf edge-community 1.11-r1 None possibly vulnerable
mupdf edge-community 1.10a-r2 None possibly vulnerable
mupdf edge-community 1.10a-r1 None possibly vulnerable
mupdf 3.22-community 1.25.6-r1 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf 3.22-community 1.24.10-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
mupdf 3.22-community 1.18.0-r1 None possibly vulnerable
mupdf 3.22-community 1.17.0-r3 None possibly vulnerable
mupdf 3.22-community 1.13-r0 None possibly vulnerable
mupdf 3.22-community 1.11-r1 None possibly vulnerable
mupdf 3.22-community 1.10a-r2 None possibly vulnerable
mupdf 3.22-community 1.10a-r1 None possibly vulnerable