In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service via a crafted pdf file.