VDB
CVE-2025-46206
CVE-2025-46206
PUBLISHED
CVSS 6.5 MEDIUM
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
EPSS 0.72% · 72.9th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.72%
72.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| artifex | mupdf | 0 |
Exploit Intelligence
- Landw-hub/CVE-2025-46206 (github-poc-repo)
- Landw-hub/CVE-2025-46206 (github-poc-repo)
- Landw-hub/CVE-2025-46206 (github-poc-repo)
- Landw-hub/CVE-2025-46206 (github-poc-repo)
- Landw-hub/CVE-2025-46206 (github-poc-repo)
- Landw-hub/CVE-2025-46206 (github-poc-repo)
- Landw-hub/CVE-2025-46206 (github-poc-repo)
- Landw-hub/CVE-2025-46206 (github-poc)
- Landw-hub/CVE-2025-46206 (github-poc)
- Landw-hub/CVE-2025-46206 (github-poc)
…and 28 more exploits
Timeline
- Aug 4, 2025 CVE Published
- Aug 4, 2025 Coalition ESS Score
- Aug 4, 2025 Coalition ESS Score
- Aug 4, 2025 PoC Published
- Aug 5, 2025 EPSS Score
- Aug 5, 2025 Coalition ESS Score
- Aug 5, 2025 CVE Updated
- Aug 6, 2025 PoC Published
- Aug 14, 2025 EPSS Score
- Aug 22, 2025 EPSS Score
- Aug 22, 2025 Coalition ESS Score
- Aug 26, 2025 Coalition ESS Score
References
- http://artifex.com url
- http://mupdf.com url
- https://github.com/Landw-hub/CVE-2025-46206 url
- https://bugs.ghostscript.com/show_bug.cgi?id=708521 url
- https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac url
- https://nvd.nist.gov/vuln/detail/CVE-2025-46206 advisory