MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function valuefrominheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering.
{
"binaries": [
{
"binary_name": "libmupdf25.1",
"binary_version": "1.25.1+ds1-7"
},
{
"binary_name": "mupdf",
"binary_version": "1.25.1+ds1-7"
},
{
"binary_name": "mupdf-tools",
"binary_version": "1.25.1+ds1-7"
},
{
"binary_name": "python3-mupdf",
"binary_version": "1.25.1+ds1-7"
}
]
}{
"binaries": [
{
"binary_name": "libmupdf27.0",
"binary_version": "1.27.0+ds1-3ubuntu2"
},
{
"binary_name": "mupdf",
"binary_version": "1.27.0+ds1-3ubuntu2"
},
{
"binary_name": "mupdf-tools",
"binary_version": "1.27.0+ds1-3ubuntu2"
},
{
"binary_name": "python3-mupdf",
"binary_version": "1.27.0+ds1-3ubuntu2"
}
]
}