In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service via a crafted svg file, as demonstrated by mupdf-gl.