Filtered by vendor Artifex
Subscribe
Total
221 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6544 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | |||||
CVE-2018-1000038 | 1 Artifex | 1 Mupdf | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | |||||
CVE-2018-6192 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | |||||
CVE-2017-9739 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-9216 | 2 Artifex, Debian | 2 Jbig2dec, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. | |||||
CVE-2017-9611 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2018-5686 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. | |||||
CVE-2017-9619 | 1 Artifex | 1 Ghostscript Ghostxps | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file. | |||||
CVE-2017-14685 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | |||||
CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | |||||
CVE-2017-9740 | 1 Artifex | 1 Ghostscript Ghostxps | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-14947 | 2 Artifex, Microsoft | 2 Gsview, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359." | |||||
CVE-2017-9726 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-9618 | 1 Artifex | 1 Ghostscript Ghostxps | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-17866 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||
CVE-2017-14687 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | |||||
CVE-2017-14945 | 2 Artifex, Microsoft | 2 Gsview, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." | |||||
CVE-2017-9612 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | |||||
CVE-2017-15587 | 1 Artifex | 1 Mupdf | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | |||||
CVE-2017-14686 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. |