CVE-2018-6192

Name of the Vulnerable Software and Affected Versions Artifex MuPDF version 1.12.0

Description The issue allows remote attackers to cause a denial of service, resulting in a segmentation violation and application crash, via a crafted pdf file. This is due to a problem in the pdf read new xref function in pdf/pdf-xref.c.

Recommendations For Artifex MuPDF version 1.12.0, consider avoiding the use of the pdf read new xref function until a patch is available. As a temporary workaround, restrict the processing of crafted pdf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.