CVE-2019-6131
First published: Fri Jan 11 2019(Updated: )
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Mupdf | =1.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/106558
- https://bugs.ghostscript.com/show_bug.cgi?id=700442
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEK2EHVNREJ7XZMFF2MXRWKIF4IBHPNE/
Frequently Asked Questions
What is CVE-2019-6131?
CVE-2019-6131 is a vulnerability in Artifex MuPDF 1.14.0 that allows for infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use functions.
What is the severity of CVE-2019-6131?
The severity of CVE-2019-6131 is medium with a CVSS score of 5.5.
How does CVE-2019-6131 affect Artifex MuPDF?
CVE-2019-6131 affects Artifex MuPDF version 1.14.0.
How can I fix CVE-2019-6131?
To fix CVE-2019-6131, it is recommended to update to the latest version of Artifex MuPDF.
Are there any references for CVE-2019-6131?
Yes, you can find more information about CVE-2019-6131 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/106558), [Ghostscript Bug](https://bugs.ghostscript.com/show_bug.cgi?id=700442), [Fedora Project](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/)
- collector/nvd-index
- agent/author
- agent/event
- vendor/artifex
- canonical/artifex mupdf
- version/artifex mupdf/1.14.0