Vulnerabilities > Artifex > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-27 CVE-2020-12268 Out-of-bounds Write vulnerability in multiple products
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
network
low complexity
artifex debian opensuse CWE-787
7.5
7.5
2020-01-23 CVE-2012-5340 Integer Overflow or Wraparound vulnerability in multiple products
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
local
low complexity
sumatrapdfreader artifex CWE-190
7.8
7.8
2019-11-27 CVE-2019-14812 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
local
low complexity
artifex fedoraproject CWE-732
7.8
7.8
2019-11-27 CVE-2019-10216 In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
local
low complexity
artifex redhat
7.8
7.8
2019-11-15 CVE-2019-14869 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex fedoraproject opensuse CWE-732
8.8
8.8
2019-09-03 CVE-2019-14817 Incorrect Authorization vulnerability in multiple products
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. 		7.8
7.8
2019-09-03 CVE-2019-14811 Incorrect Authorization vulnerability in multiple products
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. 		7.8
7.8
2019-08-14 CVE-2019-14975 Out-of-bounds Read vulnerability in Artifex Mupdf
Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.
local
low complexity
artifex CWE-125
7.1
7.1
2019-07-04 CVE-2019-13290 Out-of-bounds Write vulnerability in Artifex Mupdf 1.15.0
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file.
local
low complexity
artifex CWE-787
7.8
7.8
2019-05-16 CVE-2019-3839 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. 7.8
7.8