Vulnerabilities (CVE)

Vendor filter

Artifex Subscribe

Filter

145 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16863 2 Artifex, Redhat 7 Ghostscript, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-10-09 9.3
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted...
CVE-2016-9601 2 Artifex, Debian 3 Gpl Ghostscript, Jbig2dec, Debian Linux 2019-10-09 4.3
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with...
CVE-2018-16585 3 Artifex, Canonical, Debian 3 Ghostscript, Ubuntu Linux, Debian Linux 2019-10-09 6.8
** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to...
CVE-2018-6544 2 Artifex, Debian 2 Mupdf, Debian Linux 2019-10-03 4.3
pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document.
CVE-2017-9612 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2019-10-03 6.8
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2018-17961 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-10-03 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
CVE-2017-9620 1 Artifex 1 Ghostscript Ghostxps 2019-10-03 6.8
The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a...
CVE-2018-16802 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2019-10-03 6.8
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the...
CVE-2017-9739 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2019-10-03 6.8
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2018-10289 1 Artifex 1 Mupdf 2019-10-03 4.3
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
CVE-2017-9835 2 Artifex, Debian 2 Ghostscript, Debian Linux 2019-10-03 6.8
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript...
CVE-2018-19777 2 Artifex, Debian 2 Mupdf, Debian Linux 2019-10-03 4.3
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
CVE-2017-9610 1 Artifex 1 Ghostscript Ghostxps 2019-10-03 6.8
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted...
CVE-2018-19409 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2019-10-03 7.5
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2018-19475 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 6.8
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
CVE-2018-5759 1 Artifex 1 Mujs 2019-10-03 4.3
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.
CVE-2018-18284 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2019-10-03 6.8
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2018-15908 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2019-10-03 6.8
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
CVE-2017-9611 2 Artifex, Debian 2 Ghostscript Ghostxps, Debian Linux 2019-10-03 6.8
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2018-1000036 1 Artifex 1 Mupdf 2019-10-03 4.3
In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file.