CVE-2018-5686

Name of the Vulnerable Software and Affected Versions: MuPDF version 1.12.0

Description: The issue is related to an infinite loop vulnerability and application hang in the pdf parse array function, located in pdf/pdf-parse.c, due to the failure to consider the End Of File (EOF). This allows remote attackers to cause a denial of service by providing a crafted pdf file.

Recommendations: For MuPDF version 1.12.0, consider disabling the pdf parse array function as a temporary workaround until a patch is available. Restrict access to crafted pdf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.