Vulnerabilities (CVE)

Filtered by vendor Artifex Subscribe
Total 240 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27792 2 Artifex, Debian 2 Ghostscript, Debian Linux 2025-04-30 N/A 7.1 HIGH
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
CVE-2024-29507 1 Artifex 1 Ghostscript 2025-04-28 N/A 5.4 MEDIUM
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
CVE-2024-29510 1 Artifex 1 Ghostscript 2025-04-28 N/A 6.3 MEDIUM
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
CVE-2024-29511 1 Artifex 1 Ghostscript 2025-04-28 N/A 7.5 HIGH
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
CVE-2022-44789 3 Artifex, Debian, Fedoraproject 3 Mujs, Debian Linux, Fedora 2025-04-25 N/A 8.8 HIGH
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVE-2023-51104 1 Artifex 1 Mupdf 2025-04-23 N/A 7.5 HIGH
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.
CVE-2017-6196 1 Artifex 1 Afpl Ghostscript 2025-04-20 6.8 MEDIUM 7.8 HIGH
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2017-15587 1 Artifex 1 Mupdf 2025-04-20 6.8 MEDIUM 7.8 HIGH
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
CVE-2017-14946 2 Artifex, Microsoft 2 Gsview, Windows 2025-04-20 6.8 MEDIUM 7.8 HIGH
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."
CVE-2016-10132 2 Artifex, Fedoraproject 2 Mujs, Fedora 2025-04-20 5.0 MEDIUM 7.5 HIGH
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
CVE-2017-5628 1 Artifex 1 Mujs 2025-04-20 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.
CVE-2017-15369 1 Artifex 1 Mupdf 2025-04-20 6.8 MEDIUM 7.8 HIGH
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-9835 2 Artifex, Debian 2 Ghostscript, Debian Linux 2025-04-20 6.8 MEDIUM 7.8 HIGH
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2016-10220 1 Artifex 1 Ghostscript 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.
CVE-2017-9612 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2025-04-20 6.8 MEDIUM 7.8 HIGH
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-9739 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2025-04-20 6.8 MEDIUM 7.8 HIGH
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-14687 2 Artifex, Microsoft 2 Mupdf, Windows 2025-04-20 6.8 MEDIUM 7.8 HIGH
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
CVE-2016-7977 1 Artifex 1 Ghostscript 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
CVE-2016-10317 1 Artifex 1 Ghostscript 2025-04-20 6.8 MEDIUM 7.8 HIGH
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2017-5951 1 Artifex 1 Ghostscript 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.