Impact
MuPDF versions earlier than 1.27.0-rc1 have a flaw in the EPUB CSS rendering engine where the function value_from_inheritable_property() recurses through the CSS property inheritance chain without an explicit depth limit. When an application processes an EPUB file that contains deeply nested HTML elements and inline CSS styles, this recursion can overflow the process stack, leading to a crash and disabling the host application. The flaw is counted as a stack exhaustion vulnerability (CWE‑674) and effectively results in a denial‑of‑service condition.
Affected Systems
ArtifexSoftware's MuPDF versions prior to 1.27.0-rc1 are affected. The issue manifests in any product that incorporates MuPDF for EPUB rendering, regardless of the 1.27.0-rc1 EPUB file introduces deeply nested HTML elements and inline CSS, the function value_from_inheritable_property() recurses through the inheritance chain without a depth limit, exhausting the process stack and causing the application to crash. This is a classic stack exhaustion vulnerability identified as CWE‑674. Its primary consequence is denial of service for any application that renders such an EPUB file.
Risk and Exploitability
The CVSS score of 7.1 indicates a high severity rating. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The flaw is present in MuPDF versions before 1.27.0-rc1 EPUB file to a vulnerable system or by provoking the rendering of such a file in the background. No additional exploitation prerequisites are required beyond the ability to provide or cause the processing of the malicious EPUB content.
OpenCVE Enrichment