Vulnerabilities (CVE)

Filtered by vendor Artifex Subscribe
Total 230 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5951 1 Artifex 1 Ghostscript 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-5896 1 Artifex 1 Mupdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
CVE-2017-5628 1 Artifex 1 Mujs 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.
CVE-2017-5627 1 Artifex 1 Mujs 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file.
CVE-2017-17866 2 Artifex, Debian 2 Mupdf, Debian Linux 2024-11-21 6.8 MEDIUM 7.8 HIGH
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-17858 1 Artifex 1 Mupdf 2024-11-21 6.8 MEDIUM 7.8 HIGH
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
CVE-2017-15652 1 Artifex 1 Ghostscript 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.
CVE-2017-15587 1 Artifex 1 Mupdf 2024-11-21 6.8 MEDIUM 7.8 HIGH
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
CVE-2017-15369 1 Artifex 1 Mupdf 2024-11-21 6.8 MEDIUM 7.8 HIGH
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-14947 2 Artifex, Microsoft 2 Gsview, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."
CVE-2017-14946 2 Artifex, Microsoft 2 Gsview, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."
CVE-2017-14945 2 Artifex, Microsoft 2 Gsview, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."
CVE-2017-14687 2 Artifex, Microsoft 2 Mupdf, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
CVE-2017-14686 2 Artifex, Microsoft 2 Mupdf, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
CVE-2017-14685 2 Artifex, Microsoft 2 Mupdf, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.
CVE-2017-11714 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-11-21 6.8 MEDIUM 7.8 HIGH
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2016-9601 2 Artifex, Debian 3 Gpl Ghostscript, Jbig2dec, Debian Linux 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
CVE-2016-9294 1 Artifex 1 Mujs 2024-11-21 5.0 MEDIUM 7.5 HIGH
Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component.
CVE-2016-9136 1 Artifex 1 Mujs 2024-11-21 5.0 MEDIUM 7.5 HIGH
Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue.
CVE-2016-9109 1 Artifex 1 Mujs 2024-11-21 5.0 MEDIUM 7.5 HIGH
Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563.