Vulnerabilities (CVE)

Filtered by vendor Artifex Subscribe
Total 221 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-16288 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-16306 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
CVE-2020-16303 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 6.8 MEDIUM 7.8 HIGH
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
CVE-2020-16294 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-12268 3 Artifex, Debian, Opensuse 3 Jbig2dec, Debian Linux, Leap 2023-12-10 7.5 HIGH 9.8 CRITICAL
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
CVE-2020-16310 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-16300 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-24343 1 Artifex 1 Mujs 2023-12-10 6.8 MEDIUM 7.8 HIGH
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.
CVE-2020-14373 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2023-12-10 2.1 LOW 5.5 MEDIUM
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
CVE-2020-16307 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
CVE-2020-16305 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-16295 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-16287 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2019-10216 2 Artifex, Redhat 9 Ghostscript, 3scale Api Management, Enterprise Linux and 6 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
CVE-2012-5340 2 Artifex, Sumatrapdfreader 2 Mupdf, Sumatrapdf 2023-12-10 6.8 MEDIUM 7.8 HIGH
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
CVE-2019-14869 3 Artifex, Fedoraproject, Opensuse 3 Ghostscript, Fedora, Leap 2023-12-10 6.8 MEDIUM 8.8 HIGH
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
CVE-2019-14812 2 Artifex, Fedoraproject 2 Ghostscript, Fedora 2023-12-10 6.8 MEDIUM 7.8 HIGH
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-3838 5 Artifex, Debian, Fedoraproject and 2 more 12 Ghostscript, Debian Linux, Fedora and 9 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVE-2019-3835 5 Artifex, Debian, Fedoraproject and 2 more 11 Ghostscript, Debian Linux, Fedora and 8 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVE-2019-13290 1 Artifex 1 Mupdf 2023-12-10 6.8 MEDIUM 7.8 HIGH
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node.