Vulnerabilities (CVE)

Filtered by vendor Artifex Subscribe
Total 188 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45944 1 Artifex 1 Ghostscript 2022-01-17 4.3 MEDIUM 5.5 MEDIUM
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVE-2021-45949 1 Artifex 1 Ghostscript 2022-01-15 4.3 MEDIUM 5.5 MEDIUM
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
CVE-2020-26519 3 Artifex, Debian, Fedoraproject 3 Mupdf, Debian Linux, Fedora 2022-01-06 4.3 MEDIUM 5.5 MEDIUM
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
CVE-2021-3407 3 Artifex, Debian, Fedoraproject 3 Mupdf, Debian Linux, Fedora 2021-12-15 4.3 MEDIUM 5.5 MEDIUM
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
CVE-2020-19609 2 Artifex, Debian 2 Mupdf, Debian Linux 2021-12-14 4.3 MEDIUM 5.5 MEDIUM
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
CVE-2018-1000036 2 Artifex, Debian 2 Mupdf, Debian Linux 2021-12-14 4.3 MEDIUM 5.5 MEDIUM
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
CVE-2018-10289 2 Artifex, Debian 2 Mupdf, Debian Linux 2021-12-14 4.3 MEDIUM 5.5 MEDIUM
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
CVE-2016-10246 2 Artifex, Debian 2 Mupdf, Debian Linux 2021-12-14 4.3 MEDIUM 5.5 MEDIUM
Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2016-10247 2 Artifex, Debian 2 Mupdf, Debian Linux 2021-12-14 4.3 MEDIUM 5.5 MEDIUM
Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
CVE-2021-37220 2 Artifex, Fedoraproject 2 Mupdf, Fedora 2021-11-28 4.3 MEDIUM 5.5 MEDIUM
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
CVE-2020-12268 3 Artifex, Debian, Opensuse 3 Jbig2dec, Debian Linux, Leap 2021-11-02 7.5 HIGH 9.8 CRITICAL
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
CVE-2017-9216 2 Artifex, Debian 2 Jbig2dec, Debian Linux 2021-11-02 4.3 MEDIUM 6.5 MEDIUM
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
CVE-2017-5991 1 Artifex 1 Mupdf 2021-10-15 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
CVE-2017-6060 1 Artifex 1 Mupdf 2021-09-24 6.8 MEDIUM 7.8 HIGH
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
CVE-2019-11412 1 Artifex 1 Mujs 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.
CVE-2020-15900 1 Artifex 1 Ghostscript 2021-07-21 7.5 HIGH 9.8 CRITICAL
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVE-2020-22886 1 Artifex 1 Mujs 2021-07-15 5.0 MEDIUM 7.5 HIGH
Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.
CVE-2020-22885 1 Artifex 1 Mujs 2021-07-15 5.0 MEDIUM 7.5 HIGH
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.
CVE-2020-16600 1 Artifex 1 Mupdf 2020-12-14 6.8 MEDIUM 7.8 HIGH
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
CVE-2019-11411 1 Artifex 1 Mujs 2020-11-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.