Filtered by vendor Artifex
Subscriptions
Total
224 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-14687 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | ||||
CVE-2017-14686 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | ||||
CVE-2017-14685 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2024-08-05 | N/A |
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | ||||
CVE-2017-11714 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-08-05 | N/A |
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | ||||
CVE-2017-9835 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-08-05 | N/A |
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | ||||
CVE-2017-9740 | 1 Artifex | 1 Ghostscript Ghostxps | 2024-08-05 | N/A |
The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9726 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2024-08-05 | N/A |
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9739 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2024-08-05 | N/A |
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9727 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2024-08-05 | N/A |
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9618 | 1 Artifex | 1 Ghostscript Ghostxps | 2024-08-05 | N/A |
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9619 | 1 Artifex | 1 Ghostscript Ghostxps | 2024-08-05 | N/A |
The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file. | ||||
CVE-2017-9620 | 1 Artifex | 1 Ghostscript Ghostxps | 2024-08-05 | N/A |
The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. | ||||
CVE-2017-9612 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2024-08-05 | N/A |
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9610 | 1 Artifex | 1 Ghostscript Ghostxps | 2024-08-05 | N/A |
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-9611 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-08-05 | 7.8 High |
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-8908 | 1 Artifex | 1 Ghostscript | 2024-08-05 | N/A |
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | ||||
CVE-2017-8291 | 3 Artifex, Debian, Redhat | 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more | 2024-08-05 | 7.8 High |
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | ||||
CVE-2017-7976 | 1 Artifex | 1 Jbig2dec | 2024-08-05 | N/A |
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. | ||||
CVE-2017-7948 | 1 Artifex | 1 Ghostscript | 2024-08-05 | N/A |
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | ||||
CVE-2017-7975 | 1 Artifex | 1 Jbig2dec | 2024-08-05 | N/A |
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. |