CVE-2025-46206 | THREATINT

Description

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion

PUBLISHED Reserved 2025-04-22 | Published 2025-08-04 | Updated 2025-08-05 | Assigner mitre

References

artifex.com

mupdf.com

github.com/Landw-hub/CVE-2025-46206

bugs.ghostscript.com/show_bug.cgi?id=708521

cgit.ghostscript.com/...e4d2201bb6df217e01c17396d36297abf9ac

cve.org (CVE-2025-46206)

nvd.nist.gov (CVE-2025-46206)

Download JSON