Filtered by vendor Artifex
Subscriptions
Total
224 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18662 | 1 Artifex | 1 Mupdf | 2024-09-12 | N/A |
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. | ||||
CVE-2018-16648 | 1 Artifex | 1 Mupdf | 2024-09-12 | N/A |
In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. | ||||
CVE-2018-16647 | 1 Artifex | 1 Mupdf | 2024-09-12 | N/A |
In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. | ||||
CVE-2018-10289 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-12 | 5.5 Medium |
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | ||||
CVE-2018-6192 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-11 | N/A |
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | ||||
CVE-2018-6187 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-11 | N/A |
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file. | ||||
CVE-2017-9216 | 2 Artifex, Debian | 2 Jbig2dec, Debian Linux | 2024-09-11 | 6.5 Medium |
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. | ||||
CVE-2017-15587 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | ||||
CVE-2020-26683 | 1 Artifex | 1 Mupdf | 2024-09-11 | 5.5 Medium |
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. | ||||
CVE-2019-7321 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. | ||||
CVE-2019-6131 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. | ||||
CVE-2019-6130 | 1 Artifex | 1 Mupdf | 2024-09-11 | N/A |
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. | ||||
CVE-2018-1000051 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-11 | N/A |
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. | ||||
CVE-2023-51107 | 1 Artifex | 1 Mupdf | 2024-09-09 | 7.5 High |
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product. | ||||
CVE-2023-31794 | 1 Artifex | 1 Mupdf | 2024-09-05 | 5.5 Medium |
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | ||||
CVE-2023-46361 | 1 Artifex | 1 Jbig2dec | 2024-09-05 | 6.5 Medium |
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. | ||||
CVE-2023-38560 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-08-20 | 5.5 Medium |
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. | ||||
CVE-2020-27792 | 3 Artifex, Debian, Redhat | 3 Ghostscript, Debian Linux, Enterprise Linux | 2024-08-19 | 7.1 High |
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | ||||
CVE-2024-29508 | 1 Artifex | 1 Ghostscript | 2024-08-19 | 3.3 Low |
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | ||||
CVE-2009-4897 | 1 Artifex | 3 Afpl Ghostscript, Ghostscript Fonts, Gpl Ghostscript | 2024-08-07 | N/A |
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. |