Artifex
artifex
256 CVEs • 10 products
Products (10)
Click to collapseToggle
Products (10)
Click to collapse
CVEs (256)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
2Artifex Fedoraproject2Fedora MujsNov 21, 2024 Apr 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. |
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. |
5Artifex DebianFedoraproject+2 more12Ansible Tower Debian LinuxEnterprise Linux+9 moreNov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the f...Show more |
5Artifex DebianFedoraproject+2 more11Ansible Tower Debian LinuxEnterprise Linux Desktop+8 moreNov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file syst...Show more |
6Artifex CanonicalDebian+3 more11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 moreNov 21, 2024 Mar 21, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. |
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool. |
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool. This is related to page-number mishandling in cbz/mucbz.c, cbz/muimg.c, and svg/svg-doc.c. |
2Artifex Debian2Debian Linux GhostscriptNov 21, 2024 Jan 2, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. |
3Artifex DebianRedhat7Debian Linux Enterprise Linux DesktopEnterprise Linux Server+4 moreNov 21, 2024 Dec 20, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code i...Show more |
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated...Show more |
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstr...Show more |
2Artifex Redhat7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+4 moreNov 21, 2024 Dec 3, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a...Show more |
2Artifex Debian2Debian Linux MupdfNov 21, 2024 Nov 30, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool. |
4Artifex CanonicalDebian+1 more10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 moreNov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. |
4Artifex CanonicalDebian+1 more10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 moreNov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. |
4Artifex CanonicalDebian+1 more10Debian Linux Enterprise Linux DesktopEnterprise Linux Server+7 moreNov 21, 2024 Nov 23, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. |
4Artifex CanonicalDebian+1 more8Debian Linux Enterprise Linux DesktopEnterprise Linux Server+5 moreNov 21, 2024 Nov 21, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. |
There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. |
5Artifex CanonicalDebian+2 more11Debian Linux Enterprise Linux DesktopEnterprise Linux Server+8 moreNov 21, 2024 Oct 19, 2018 N/A· v4 8.6 HIGH· v3 6.8 MEDIUM· v2 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. |
4Artifex CanonicalDebian+1 more9Debian Linux Enterprise Linux DesktopEnterprise Linux Server+6 moreNov 21, 2024 Oct 15, 2018 N/A· v4 6.3 MEDIUM· v3 4.3 MEDIUM· v2 Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. |