Vulnerabilities > Artifex

DATE CVE VULNERABILITY TITLE RISK
2019-01-11 CVE-2019-6130 Range Error vulnerability in Artifex Mupdf 1.14.0
Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fitz/document.c file, as demonstrated by mutool.
local
low complexity
artifex CWE-118
5.5
2019-01-02 CVE-2018-19478 Improper Input Validation vulnerability in multiple products
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
local
low complexity
artifex debian CWE-20
5.5
2018-12-20 CVE-2018-19134 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types.
local
low complexity
artifex debian redhat CWE-704
7.8
2018-12-06 CVE-2018-19882 NULL Pointer Dereference vulnerability in Artifex Mupdf 1.14.0
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
local
low complexity
artifex CWE-476
5.5
2018-12-06 CVE-2018-19881 Resource Exhaustion vulnerability in Artifex Mupdf 1.14.0
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
local
low complexity
artifex CWE-400
5.5
2018-12-03 CVE-2018-16863 It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509.
local
low complexity
artifex redhat
7.8
2018-11-30 CVE-2018-19777 Infinite Loop vulnerability in multiple products
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.
local
low complexity
artifex debian CWE-835
5.5
2018-11-23 CVE-2018-19477 Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
local
low complexity
artifex debian canonical redhat CWE-704
7.8
2018-11-23 CVE-2018-19476 Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
local
low complexity
artifex debian canonical redhat CWE-704
7.8
2018-11-23 CVE-2018-19475 psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
local
low complexity
artifex debian canonical redhat
7.8