In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service via a crafted svg file, as demonstrated by mupdf-gl.