Filtered by vendor Artifex
Subscriptions
Total
224 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7885 | 1 Artifex | 1 Jbig2dec | 2024-08-05 | N/A |
| Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. | ||||
| CVE-2017-7264 | 1 Artifex | 1 Mupdf | 2024-08-05 | 5.3 Medium |
| Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2017-7207 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-08-05 | N/A |
| The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | ||||
| CVE-2017-6196 | 1 Artifex | 1 Afpl Ghostscript | 2024-08-05 | N/A |
| Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. | ||||
| CVE-2017-5951 | 1 Artifex | 1 Ghostscript | 2024-08-05 | N/A |
| The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | ||||
| CVE-2017-5991 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-08-05 | 7.5 High |
| An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. | ||||
| CVE-2017-5896 | 1 Artifex | 1 Mupdf | 2024-08-05 | N/A |
| Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. | ||||
| CVE-2017-5628 | 1 Artifex | 1 Mujs | 2024-08-05 | 7.8 High |
| An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file. | ||||
| CVE-2017-5627 | 1 Artifex | 1 Mujs | 2024-08-05 | 7.8 High |
| An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file. | ||||
| CVE-2018-1000038 | 1 Artifex | 1 Mupdf | 2024-08-05 | N/A |
| In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | ||||
| CVE-2018-1000040 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-08-05 | N/A |
| In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | ||||
| CVE-2018-1000039 | 1 Artifex | 1 Mupdf | 2024-08-05 | 6.3 Medium |
| In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | ||||
| CVE-2018-1000037 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-08-05 | 5.5 Medium |
| In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | ||||
| CVE-2018-19475 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-08-05 | N/A |
| psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | ||||
| CVE-2018-19476 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-08-05 | N/A |
| psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | ||||
| CVE-2018-19478 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-08-05 | N/A |
| In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. | ||||
| CVE-2018-19477 | 4 Artifex, Canonical, Debian and 1 more | 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more | 2024-08-05 | N/A |
| psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | ||||
| CVE-2018-19409 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-08-05 | N/A |
| An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | ||||
| CVE-2018-19134 | 3 Artifex, Debian, Redhat | 8 Ghostscript, Debian Linux, Enterprise Linux and 5 more | 2024-08-05 | N/A |
| In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. | ||||
| CVE-2018-16585 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2024-08-05 | N/A |
| An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193) | ||||