关联漏洞
标题:
artifex mupdf 安全漏洞
(CVE-2025-46206)
描述:artifex mupdf是个人开发者的一款富文本编辑器。富文本编辑器不同于文本编辑器,程序员可到网上下载免费的富文本编辑器内嵌于自己的网站或程序里(当然付费的功能会更强大些),方便用户编辑文章或信息。 artifex mupdf 1.25.6版本和1.25.5版本存在安全漏洞,该漏洞源于处理特制PDF文件时mutool clean工具出现无限递归,可能导致拒绝服务。
介绍
There is a denial of service vulnerability in MuPDF 1.25.6 and earlier versions. When an attacker runs the "mutool clean poc /dev/null" command, the program will fall into an infinite recursion between the strip_outlines() and strip_outline() functions in pdf-clean-file.c until the stack is exhausted.
See the attachment for the specific POC file, vulnerability cause, reproduction process and repair suggestions.
The vendor (Artifex Software, maintainer of MuPDF) has acknowledged the issue and fixed the bug. The fix has been committed in their official repository.
Here is the public link to the patch / commit provided by the vendor:
https://bugs.ghostscript.com/show_bug.cgi?id=708521
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac
This confirms that the vulnerability has been acknowledged and remediated.
文件快照
[4.0K] /data/pocs/eb00f2929b18118c0c17507ec60cc63c793397c3
├── [1.4K] mupdf-clean-poc
├── [ 878] README.md
├── [638K] vulnerability cause.doc
└── [517K] vulnerability reproduction process.doc
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。