Vulnerabilities (CVE)

Filtered by vendor Artifex Subscribe
Total 221 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1000039 1 Artifex 1 Mupdf 2024-07-12 6.8 MEDIUM 6.3 MEDIUM
In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.
CVE-2023-51107 1 Artifex 1 Mupdf 2024-07-12 N/A 7.5 HIGH
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product.
CVE-2018-1000040 2 Artifex, Debian 2 Mupdf, Debian Linux 2024-07-12 4.3 MEDIUM 5.5 MEDIUM
In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
CVE-2018-1000038 1 Artifex 1 Mupdf 2024-07-12 6.8 MEDIUM 7.8 HIGH
In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.
CVE-2018-1000037 2 Artifex, Debian 2 Mupdf, Debian Linux 2024-07-12 4.3 MEDIUM 5.5 MEDIUM
In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file.
CVE-2018-1000036 2 Artifex, Debian 2 Mupdf, Debian Linux 2024-07-12 4.3 MEDIUM 5.5 MEDIUM
In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.
CVE-2017-7264 1 Artifex 1 Mupdf 2024-07-12 6.8 MEDIUM 7.8 HIGH
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
CVE-2023-51105 1 Artifex 1 Mupdf 2024-07-11 N/A 7.5 HIGH
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.
CVE-2023-51104 1 Artifex 1 Mupdf 2024-07-11 N/A 7.5 HIGH
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.
CVE-2023-51103 1 Artifex 1 Mupdf 2024-07-11 N/A 7.5 HIGH
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.
CVE-2017-8291 3 Artifex, Debian, Redhat 8 Ghostscript, Debian Linux, Enterprise Linux Desktop and 5 more 2024-07-02 6.8 MEDIUM 7.8 HIGH
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVE-2018-16585 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2024-05-17 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
CVE-2012-4875 1 Artifex 1 Gpl Ghostscript 2024-05-17 9.3 HIGH N/A
Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it
CVE-2023-51106 1 Artifex 1 Mupdf 2024-03-18 N/A 7.5 HIGH
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
CVE-2023-38559 4 Artifex, Debian, Fedoraproject and 1 more 4 Ghostscript, Debian Linux, Fedora and 1 more 2024-03-08 N/A 5.5 MEDIUM
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
CVE-2020-36773 1 Artifex 1 Ghostscript 2024-03-04 N/A 9.8 CRITICAL
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
CVE-2023-43115 2 Artifex, Fedoraproject 2 Ghostscript, Fedora 2024-02-22 N/A 8.8 HIGH
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
CVE-2024-24259 1 Artifex 1 Mupdf 2024-02-21 N/A 7.5 HIGH
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
CVE-2024-24258 1 Artifex 1 Mupdf 2024-02-21 N/A 7.5 HIGH
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
CVE-2023-4042 2 Artifex, Redhat 9 Ghostscript, Codeready Linux Builder, Codeready Linux Builder For Arm64 and 6 more 2023-12-27 N/A 5.5 MEDIUM
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.