Latest Artifex Vulnerabilities

CVE-2024-24259
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
Artifex Mupdf=1.23.9
CVE-2024-24258
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
=1.23.9
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one U...
Artifex Ghostscript=9.51
Artifex Ghostscript=9.52
Artifex Ghostscript=9.52.1
Artifex Ghostscript=9.53.0-rc1
Artifex Ghostscript=9.53.0-rc2
CVE-2023-51105
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.
=1.23.4
CVE-2023-51103
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon fz_new_pixmap_from_float_data() of pixmap.c.
Artifex Mupdf=1.23.4
CVE-2023-51104
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.
=1.23.4
CVE-2023-51107
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon compute_color() of jquant2.c.
=1.23.4
CVE-2023-51106
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
=1.23.4
CVE-2023-46751
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Artifex Ghostscript<=10.02.0
ubuntu/ghostscript<9.55.0~dfsg1-0ubuntu5.6
ubuntu/ghostscript<10.0.0~dfsg1-0ubuntu1.5
ubuntu/ghostscript<10.01.2~dfsg1-0ubuntu2.2
ubuntu/ghostscript<10.02.1~dfsg-1
debian/ghostscript
CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Artifex Mupdf=1.21.1
CVE-2023-46361
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.
Artifex Jbig2dec=0.20
CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer para...
debian/ghostscript<=9.27~dfsg-2+deb10u5<=9.27~dfsg-2+deb10u9<=9.53.3~dfsg-7+deb11u5<=10.0.0~dfsg-11+deb12u1
Artifex Ghostscript<=10.01.2
ubuntu/ghostscript<10.02.0~dfsg-1<10.02.0
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.11
ubuntu/ghostscript<9.55.0~dfsg1-0ubuntu5.5
ubuntu/ghostscript<10.0.0~dfsg1-0ubuntu1.4
and 3 more
CVE-2020-26683
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.
Artifex Mupdf=1.17.0
CVE-2020-21896
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening...
Artifex Mupdf=1.16.0
CVE-2020-21890
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via openin...
Artifex Ghostscript=9.50
ubuntu/ghostscript<9.51<9.51~dfsg-1
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.04.18+
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.10
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.16.04.14+
debian/ghostscript<=9.27~dfsg-2+deb10u5
CVE-2020-21710
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.
Artifex Ghostscript=9.50
ubuntu/ghostscript<9.51<9.51~dfsg-1
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.04.18+
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.10
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.16.04.14+
debian/ghostscript<=9.27~dfsg-2+deb10u5
CVE-2023-4042
Ghostscript: incomplete fix for cve-2020-16305
Artifex Ghostscript<9.51
Redhat Enterprise Linux=8.0
redhat/ghostscript<9.51
Redhat Codeready Linux Builder=8.0
Redhat Codeready Linux Builder For Arm64=8.0_aarch64
Redhat Codeready Linux Builder For Ibm Z Systems=8.0_s390x
and 4 more
CVE-2023-38560
Ghostscript: integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name
Artifex Ghostscript
CVE-2023-38559
Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos
Artifex Ghostscript
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.04.18+
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.9
ubuntu/ghostscript<9.55.0~dfsg1-0ubuntu5.4
and 8 more
CVE-2021-33796
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
Artifex MuJS<1.1.2
CVE-2023-36664
A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Artifex Ghostscript<=10.01.2
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
redhat/ghostscript<0:9.54.0-10.el9_2
and 2 more
CVE-2021-33797
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *...
Artifex MuJS>=1.0.1<=1.1.1
CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TB...
Artifex Ghostscript<10.01.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/ghostscript<=9.27~dfsg-2+deb10u5
CVE-2022-44789
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a cra...
debian/mujs
Artifex MuJS>=1.0.0<1.3.2
Debian Debian Linux=11.0
Fedoraproject Fedora=37
CVE-2021-4216
Artifex Mupdf<1.20.0
CVE-2020-27792
Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c
Artifex Ghostscript<=9.50
Debian Debian Linux=10.0
redhat/ghostscript<9.27
CVE-2022-2085
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_p...
Artifex Ghostscript=9.55.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2022-30974
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
Artifex MuJS<=1.2.0
Debian Debian Linux=11.0
Fedoraproject Fedora=37
debian/mujs
CVE-2022-30975
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
Artifex MuJS<=1.2.0
Debian Debian Linux=11.0
Fedoraproject Fedora=37
debian/mujs
CVE-2022-1350
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads t...
Artifex Ghostpcl=9.55.0
CVE-2021-3781
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document ...
Artifex Ghostscript=9.50
Artifex Ghostscript=9.52
Artifex Ghostscript=9.53.3
Artifex Ghostscript=9.54.0
Fedoraproject Fedora=34
CVE-2021-45005
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.
Artifex MuJS=1.1.3
CVE-2021-45949
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
debian/ghostscript
Artifex Ghostscript>=9.50<=9.54.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
CVE-2021-45944
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
debian/ghostscript
Artifex Ghostscript>=9.50<=9.53.3
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
CVE-2021-37220
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool ...
Artifex Mupdf<=1.18.1
Fedoraproject Fedora=34
CVE-2020-19609
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
Artifex Mupdf<1.18.0
Debian Debian Linux=9.0
CVE-2020-22886
Artifex MuJS<1.0.8
CVE-2020-22885
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.
Artifex MuJS<1.0.8
CVE-2021-3407
A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corruption and other potential consequences.
Artifex Mupdf=1.18.0
Fedoraproject Fedora=32
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Debian Debian Linux=9.0
CVE-2020-16600
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static ...
Artifex Mupdf<=1.16.1
Artifex Mupdf=1.17.0-rc1
CVE-2020-26519
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
debian/mupdf
debian/mupdf<=1.14.0+ds1-4<=1.17.0+ds1-1<=1.14.0+ds1-1<=1.14.0+ds1-4+deb10u1
Artifex Mupdf<1.18.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Fedoraproject Fedora=32
and 1 more
CVE-2020-14373
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
Artifex Ghostscript=9.25
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
CVE-2020-24343
Artifex MuJS<=1.0.7
CVE-2020-16299
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file....
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16288
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16294
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is f...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16293
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a den...
redhat/ghostscript<0:9.27-1.el8
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-16302
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fix...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16303
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16287
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This ...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203