Vulnerabilities > Artifex > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-19 | CVE-2020-27792 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. | 7.1 |
2022-04-25 | CVE-2019-25059 | Artifex Ghostscript through 9.26 mishandles .completefont. | 7.8 |
2022-04-14 | CVE-2022-1350 | Out-of-bounds Write vulnerability in Artifex Ghostpcl 9.55.0 A vulnerability classified as problematic was found in GhostPCL 9.55.0. | 7.8 |
2021-07-13 | CVE-2020-22885 | Classic Buffer Overflow vulnerability in Artifex Mujs Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. | 7.5 |
2021-07-13 | CVE-2020-22886 | Classic Buffer Overflow vulnerability in Artifex Mujs Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | 7.5 |
2020-12-09 | CVE-2020-16600 | Use After Free vulnerability in Artifex Mupdf A Use After Free vulnerability exists in Artifex Software, Inc. | 7.8 |
2020-08-13 | CVE-2020-24343 | Use After Free vulnerability in Artifex Mujs Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | 7.8 |
2020-08-13 | CVE-2020-16303 | Use After Free vulnerability in multiple products A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. | 7.8 |
2020-01-23 | CVE-2012-5340 | Integer Overflow or Wraparound vulnerability in multiple products SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. | 7.8 |
2019-11-27 | CVE-2019-14812 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |