CVE-2023-31794 — Vulnetix

CVE-2023-31794 PUBLISHED CVSS 5.5 MEDIUM

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

EPSS 0.02% · 6.4th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.02%

6.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, n/a
artifex	mupdf	1.21.1, 1.21.1, 1.21.1

Exploit Intelligence

https://bugs.ghostscript.com/show_bug.cgi?id=706506 (circl)
https://git.ghostscript.com/?p=mupdf.git%3Bh=c0015401693b58e2deb5d75c39f27bc1216e47c6 (circl)
https://gist.github.com/spookhorror/c770d118767b1b0d89fdfe2845169d06 (osv)

Timeline

Oct 29, 2023 GitHub Gist PoC
Oct 31, 2023 CVE Published
Oct 31, 2023 EPSS Score
Dec 1, 2023 EPSS Score
Jan 1, 2024 EPSS Score
Jan 31, 2024 EPSS Score
Mar 2, 2024 EPSS Score
Apr 2, 2024 EPSS Score
May 3, 2024 EPSS Score
Jun 2, 2024 EPSS Score
Jul 3, 2024 EPSS Score
Aug 3, 2024 EPSS Score

References

https://bugs.ghostscript.com/show_bug.cgi?id=706506 url
https://git.ghostscript.com/?p=mupdf.git%3Bh=c0015401693b58e2deb5d75c39f27bc1216e47c6 url
https://gist.github.com/spookhorror/c770d118767b1b0d89fdfe2845169d06 url
https://nvd.nist.gov/vuln/detail/CVE-2023-31794 advisory
https://git.ghostscript.com/?p=mupdf.git;h=c0015401693b58e2deb5d75c39f27bc1216e47c6 url

Open in Interactive Console →