CVE-2019-6131 — MEDIUM (5.5)

Vulnerability Description

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Artifex	Mupdf	1.14.0

Related Weaknesses (CWE)

CWE-674

References

http://www.securityfocus.com/bid/106558Third Party AdvisoryVDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=700442ExploitThird Party Advisory
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=c8f7e48ff7472
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
http://www.securityfocus.com/bid/106558Third Party AdvisoryVDB Entry
https://bugs.ghostscript.com/show_bug.cgi?id=700442ExploitThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2019-6131?

CVE-2019-6131 is a vulnerability with a CVSS score of 5.5 (MEDIUM). svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

How severe is CVE-2019-6131?

CVE-2019-6131 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6131?

Check the references section above for vendor advisories and patch information. Affected products include: Artifex Mupdf.