CVE-2018-19777
First published: Fri Nov 30 2018(Updated: )
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/mupdf | <=1.14.0+ds1-4+deb10u3<=1.14.0+ds1-4+deb10u2 | 1.17.0+ds1-2 1.17.0+ds1-1.3~deb11u1 1.21.1+ds2-1 1.22.2+ds1-2 |
| Artifex Mupdf | =1.14.0 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-19777?
CVE-2018-19777 is a vulnerability in Artifex MuPDF 1.14.0 that allows for an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c.
What is the severity of CVE-2018-19777?
CVE-2018-19777 has a severity rating of 5.5 (Medium).
How does CVE-2018-19777 affect Artifex MuPDF?
CVE-2018-19777 affects Artifex MuPDF 1.14.0.
How can I fix CVE-2018-19777 for Artifex MuPDF?
To fix CVE-2018-19777 for Artifex MuPDF, update to version 1.17.0+ds1-2, 1.17.0+ds1-1.3~deb11u1, 1.21.1+ds2-1, or 1.22.2+ds1-2.
Are there any additional references for CVE-2018-19777?
Yes, you can find additional references for CVE-2018-19777 at the following links: [1] [2] [3].
- collector/security-tracker-debian
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- package-manager/debian
- vendor/artifex
- canonical/artifex mupdf
- version/artifex mupdf/1.14.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0