Description
MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering.
Published: 2026-06-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

MuPDF versions earlier than 1.27.0-rc1 have a flaw in the EPUB CSS rendering engine where the function value_from_inheritable_property() recurses through the CSS property inheritance chain without an explicit depth limit. When an application processes an EPUB file that contains deeply nested HTML elements and inline CSS styles, this recursion can overflow the process stack, leading to a crash and disabling the host application. The flaw is counted as a stack exhaustion vulnerability (CWE‑674) and effectively results in a denial‑of‑service condition.

Affected Systems

ArtifexSoftware's MuPDF versions prior to 1.27.0-rc1 are affected. The issue manifests in any product that incorporates MuPDF for EPUB rendering, regardless of the 1.27.0-rc1 EPUB file introduces deeply nested HTML elements and inline CSS, the function value_from_inheritable_property() recurses through the inheritance chain without a depth limit, exhausting the process stack and causing the application to crash. This is a classic stack exhaustion vulnerability identified as CWE‑674. Its primary consequence is denial of service for any application that renders such an EPUB file.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity rating. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The flaw is present in MuPDF versions before 1.27.0-rc1 EPUB file to a vulnerable system or by provoking the rendering of such a file in the background. No additional exploitation prerequisites are required beyond the ability to provide or cause the processing of the malicious EPUB content.

Generated by OpenCVE AI on June 24, 2026 at 10:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MuPDF to version 1.27.0-rc1 or later, which contains the patch for the recursion depth limit.
  • If an upgrade is not immediately possible, configure the application to reject EPUB files from untrusted sources by blocking or filtering their input before rendering.
  • Implement input validation that limits the depth of nested elements in EPUB files or strips problematic inline CSS to mitigate the risk of stack exhaustion.

Generated by OpenCVE AI on June 24, 2026 at 10:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Artifex
Artifex mupdf
CPEs cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*
Vendors & Products Artifex
Artifex mupdf

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Artifexsoftware
Artifexsoftware mupdf
Vendors & Products Artifexsoftware
Artifexsoftware mupdf

Tue, 23 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering.
Title MuPDF < 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering
Weaknesses CWE-674
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Artifex Mupdf
Artifexsoftware Mupdf
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-14T22:26:09.463Z

Reserved: 2026-06-23T17:14:32.284Z

Link: CVE-2025-71382

cve-icon Vulnrichment

Updated: 2026-06-23T17:36:30.598Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T10:30:14Z

Weaknesses