Filtered by vendor Artifex
Subscriptions
Total
244 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7264 | 1 Artifex | 1 Mupdf | 2025-04-20 | 5.3 Medium |
| Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2017-7975 | 1 Artifex | 1 Jbig2dec | 2025-04-20 | N/A |
| Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. | ||||
| CVE-2017-8908 | 1 Artifex | 1 Ghostscript | 2025-04-20 | N/A |
| The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | ||||
| CVE-2017-9216 | 2 Artifex, Debian | 2 Jbig2dec, Debian Linux | 2025-04-20 | 6.5 Medium |
| libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. | ||||
| CVE-2017-9610 | 1 Artifex | 1 Ghostscript Ghostxps | 2025-04-20 | N/A |
| The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2024-33869 | 2 Artifex, Redhat | 3 Ghostscript, Enterprise Linux, Rhel Eus | 2025-04-16 | 5.3 Medium |
| An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. | ||||
| CVE-2024-33870 | 2 Artifex, Redhat | 3 Ghostscript, Enterprise Linux, Rhel Eus | 2025-04-16 | 6.3 Medium |
| An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. | ||||
| CVE-2024-33871 | 2 Artifex, Redhat | 7 Ghostscript, Enterprise Linux, Rhel Aus and 4 more | 2025-04-16 | 8.8 High |
| An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. | ||||
| CVE-2022-1350 | 1 Artifex | 1 Ghostpcl | 2025-04-15 | 4.3 Medium |
| A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue. | ||||
| CVE-2016-7505 | 1 Artifex | 1 Mujs | 2025-04-12 | N/A |
| A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition. | ||||
| CVE-2016-7504 | 1 Artifex | 1 Mujs | 2025-04-12 | N/A |
| A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition. | ||||
| CVE-2015-3228 | 1 Artifex | 1 Afpl Ghostscript | 2025-04-12 | N/A |
| Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. | ||||
| CVE-2016-6525 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2025-04-12 | N/A |
| Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | ||||
| CVE-2016-6265 | 2 Artifex, Opensuse | 3 Mupdf, Leap, Opensuse | 2025-04-12 | N/A |
| Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | ||||
| CVE-2014-2013 | 1 Artifex | 1 Mupdf | 2025-04-12 | N/A |
| Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element. | ||||
| CVE-2016-9294 | 1 Artifex | 1 Mujs | 2025-04-12 | 7.5 High |
| Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component. | ||||
| CVE-2016-9017 | 1 Artifex | 1 Mujs | 2025-04-12 | N/A |
| Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component. | ||||
| CVE-2016-9136 | 1 Artifex | 1 Mujs | 2025-04-12 | 7.5 High |
| Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue. | ||||
| CVE-2016-7506 | 1 Artifex | 1 Mujs | 2025-04-12 | N/A |
| An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition. | ||||
| CVE-2010-4054 | 2 Artifex, Redhat | 4 Afpl Ghostscript, Ghostscript Fonts, Gpl Ghostscript and 1 more | 2025-04-11 | N/A |
| The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. | ||||