Filtered by vendor Artifex
Subscribe
Total
248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10217 | 1 Artifex | 1 Ghostscript | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. | |||||
| CVE-2015-3228 | 1 Artifex | 1 Afpl Ghostscript | 2023-11-07 | 6.8 MEDIUM | N/A |
| Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. | |||||
| CVE-2014-2013 | 1 Artifex | 1 Mupdf | 2023-11-07 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element. | |||||
| CVE-2020-21890 | 1 Artifex | 1 Ghostscript | 2023-08-25 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. | |||||
| CVE-2021-33796 | 1 Artifex | 1 Mujs | 2023-07-13 | N/A | 7.5 HIGH |
| In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. | |||||
| CVE-2021-3781 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2023-06-26 | 9.3 HIGH | 9.9 CRITICAL |
| A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2013-6629 | 9 Artifex, Canonical, Debian and 6 more | 12 Gpl Ghostscript, Ubuntu Linux, Debian Linux and 9 more | 2023-06-21 | 5.0 MEDIUM | N/A |
| The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. | |||||
| CVE-2018-16863 | 2 Artifex, Redhat | 7 Ghostscript, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2023-02-12 | 9.3 HIGH | 7.8 HIGH |
| It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. | |||||
| CVE-2022-2085 | 2 Artifex, Fedoraproject | 2 Ghostscript, Fedora | 2023-02-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | |||||
| CVE-2016-8729 | 1 Artifex | 1 Mupdf | 2022-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability. | |||||
| CVE-2016-8728 | 1 Artifex | 1 Mupdf | 2022-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability. | |||||
| CVE-2021-4216 | 1 Artifex | 1 Mupdf | 2022-08-31 | N/A | 5.5 MEDIUM |
| A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. | |||||
| CVE-2022-1350 | 1 Artifex | 1 Ghostpcl | 2022-04-23 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. | |||||
| CVE-2021-45005 | 1 Artifex | 1 Mujs | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. | |||||
| CVE-2020-12268 | 3 Artifex, Debian, Opensuse | 3 Jbig2dec, Debian Linux, Leap | 2021-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | |||||
| CVE-2020-22886 | 1 Artifex | 1 Mujs | 2021-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | |||||
| CVE-2020-22885 | 1 Artifex | 1 Mujs | 2021-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. | |||||
| CVE-2020-24343 | 1 Artifex | 1 Mujs | 2020-08-19 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | |||||
| CVE-2016-9136 | 1 Artifex | 1 Mujs | 2020-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue. | |||||
| CVE-2017-17866 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||