Vulnerability - CVE-2025-46206

›

›vulnerability›CVE-2025-46206

Name

CVE-2025-46206

Source

NVD ( link)Debian ( link)

Description

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion

CWEs

Published Date

Aug 4, 2025

Updated Date

Jun 17, 2026

Workaround

-

Advisories

http://artifex.comProduct

http://mupdf.comProduct

https://bugs.ghostscript.com/show_bug.cgi?id=708521Issue Tracking

https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9acPermissions Required

https://github.com/Landw-hub/CVE-2025-46206Exploit

Analysis#

Affected Component

Analysis

Vulnerability Ratings#

6.5

CVSSv31

NaN

other

Others affected component#

Name

Project

Project Version

Version

Status

buildroot

master

1.23.9

Exploitable