Filtered by vendor Artifex
Subscribe
Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9740 | 1 Artifex | 1 Ghostscript Ghostxps | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2016-10219 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |||||
| CVE-2017-8908 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | |||||
| CVE-2016-8602 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | |||||
| CVE-2017-9618 | 1 Artifex | 1 Ghostscript Ghostxps | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2016-10246 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | |||||
| CVE-2016-7979 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | |||||
| CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | |||||
| CVE-2017-7885 | 1 Artifex | 1 Jbig2dec | 2025-04-20 | 5.8 MEDIUM | 7.1 HIGH |
| Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. | |||||
| CVE-2016-10247 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file. | |||||
| CVE-2013-5653 | 2 Artifex, Debian | 2 Afpl Ghostscript, Debian Linux | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |||||
| CVE-2016-7978 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | |||||
| CVE-2024-33869 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 5.3 MEDIUM |
| An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. | |||||
| CVE-2024-33870 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 6.3 MEDIUM |
| An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. | |||||
| CVE-2024-33871 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 8.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. | |||||
| CVE-2016-7506 | 1 Artifex | 1 Mujs | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition. | |||||
| CVE-2016-6525 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | |||||
| CVE-2016-7505 | 1 Artifex | 1 Mujs | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition. | |||||
| CVE-2016-7504 | 1 Artifex | 1 Mujs | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition. | |||||
| CVE-2015-3228 | 1 Artifex | 1 Afpl Ghostscript | 2025-04-12 | 6.8 MEDIUM | N/A |
| Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. | |||||