cvedb.io
CVE-2025-71382
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-06-23T18:17:41.087 · Last modified 2026-06-26T18:17:18.920

Summary

MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering.

Affected products

artifex — mupdf

Does this affect you?

Add your gear to cvedb and we'll alert you only when artifex ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.