Artifex

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-7233 1Artifex 1Mupdf May 5, 2026 Apr 28, 2026 1.9 LOW· v4 6.1 MEDIUM· v3 1.7 LOW· v2 A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bound...Show more A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet.Show less
CVE-2026-40505 1Artifex 1Mupdf May 26, 2026 Apr 16, 2026 4.8 MEDIUM· v4 3.3 LOW· v3 N/A· v2 MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in...Show more MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands.Show less
CVE-2026-25556 1Artifex 1Mupdf Feb 24, 2026 Feb 6, 2026 5.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer...Show more MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes.Show less
CVE-2025-55780 1Artifex 1Mupdf Oct 8, 2025 Sep 23, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node,...Show more A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.Show less
CVE-2025-59800 1Artifex 1Ghostscript Sep 25, 2025 Sep 22, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
CVE-2025-59799 1Artifex 1Ghostscript Nov 3, 2025 Sep 22, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
CVE-2025-59798 1Artifex 1Ghostscript Nov 3, 2025 Sep 22, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
CVE-2025-46206 1Artifex 1Mupdf Oct 2, 2025 Aug 4, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next reference...Show more An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursionShow less
CVE-2025-48708 1Artifex 1Ghostscript Jun 20, 2025 May 23, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
CVE-2025-46646 1Artifex 1Ghostscript Jun 23, 2025 Apr 26, 2025 N/A· v4 4.5 MEDIUM· v3 N/A· v2 In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
CVE-2025-27837 1Artifex 1Ghostscript Apr 1, 2025 Mar 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
CVE-2025-27836 1Artifex 1Ghostscript Nov 3, 2025 Mar 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
CVE-2025-27835 1Artifex 1Ghostscript Nov 3, 2025 Mar 25, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
CVE-2025-27834 1Artifex 1Ghostscript Apr 1, 2025 Mar 25, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
CVE-2025-27833 1Artifex 1Ghostscript Apr 1, 2025 Mar 25, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
CVE-2025-27832 1Artifex 1Ghostscript Nov 3, 2025 Mar 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
CVE-2025-27831 1Artifex 1Ghostscript Nov 3, 2025 Mar 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
CVE-2025-27830 1Artifex 1Ghostscript Nov 3, 2025 Mar 25, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
CVE-2024-46657 1Artifex 1Mupdf Jul 1, 2025 Dec 10, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2024-46956 3Artifex DebianSuse 5Debian Linux GhostscriptLinux Enterprise High Performance Computing+2 more Nov 3, 2025 Nov 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

12 3 4 5...13 Next