PT-2025-31832 · Artifex +1 · Artifex Mupdf +1

Landw-Hub

Published

2025-08-04

Updated

2025-08-04

CVE-2025-46206

Report an issue

CVSS v3.1

6.5

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Artifex mupdf versions 1.25.5 through 1.25.6

Description:

An issue in Artifex mupdf allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip outline()` function enters infinite recursion.

Recommendations:

Artifex mupdf version 1.25.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Artifex mupdf version 1.25.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Uncontrolled Recursion

Weakness Enumeration

CWE-400CWE-674

Related Identifiers

CVE-2025-46206

Affected Products

Artifex Mupdf

Debian

PT-2025-31832 · Artifex +1 · Artifex Mupdf +1

Weakness Enumeration

Related Identifiers

Affected Products

References · 13