Vulnerabilities > Artifex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2012-5340 | Integer Overflow or Wraparound vulnerability in multiple products SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. | 7.8 |
| 2019-11-27 | CVE-2019-14812 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
| 2019-11-27 | CVE-2019-10216 | In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
| 2019-11-15 | CVE-2019-14869 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 8.8 |
| 2019-09-06 | CVE-2019-14813 | Incorrect Authorization vulnerability in multiple products A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 9.8 |
| 2019-09-03 | CVE-2019-14817 | Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
| 2019-09-03 | CVE-2019-14811 | Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
| 2019-08-14 | CVE-2019-14975 | Out-of-bounds Read vulnerability in Artifex Mupdf Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string. | 7.1 |
| 2019-07-04 | CVE-2019-13290 | Out-of-bounds Write vulnerability in Artifex Mupdf 1.15.0 Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. | 7.8 |
| 2019-06-13 | CVE-2019-7321 | Use of Uninitialized Resource vulnerability in Artifex Mupdf 1.14.0 Usage of an uninitialized variable in the function fz_load_jpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code. | 9.8 |