MuPDF is vulnerable to denial of service (DoS) attacks and possibly other attacks. These attacks can be performed because the read_zip_dir_imp
function does not check if the size fields in a ZIP entry are negative. It can be triggered using a .xps
file.