Vulnerabilities (CVE)

Vendor filter

Artifex Subscribe

Filter

128 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-19134 3 Artifex, Debian, Redhat 7 Ghostscript, Debian Linux, Enterprise Linux Desktop and 4 more 2019-01-11 6.8
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the...
CVE-2018-19478 2 Artifex, Debian 2 Ghostscript, Debian Linux 2019-01-11 4.3
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
CVE-2018-19881 1 Artifex 1 Mupdf 2018-12-31 4.3
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
CVE-2018-19882 1 Artifex 1 Mupdf 2018-12-31 4.3
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
CVE-2018-19777 2 Artifex, Debian 2 Mupdf, Debian Linux 2018-12-26 4.3
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
CVE-2018-19477 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-20 6.8
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVE-2018-19476 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-20 6.8
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVE-2018-19475 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-20 6.8
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
CVE-2018-19409 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2018-12-18 7.5
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-18284 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-18 7.5
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2018-18073 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-18 4.3
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
CVE-2018-17961 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-18 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
CVE-2018-17183 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-18 6.8
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
CVE-2018-16802 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-18 6.8
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the...
CVE-2018-16541 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-18 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
CVE-2018-15911 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2018-12-18 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
CVE-2018-18662 1 Artifex 1 Mupdf 2018-12-06 4.3
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool.
CVE-2018-16509 4 Artifex, Canonical, Debian and 1 more 7 Ghostscript, Ubuntu Linux, Debian Linux and 4 more 2018-12-04 9.3
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe"...
CVE-2018-15908 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2018-11-29 6.8
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
CVE-2018-6544 1 Artifex 1 Mupdf 2018-11-27 4.3
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.