Vulnerabilities > Artifex > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-27 | CVE-2018-15910 | Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | 7.8 |
| 2018-08-27 | CVE-2018-15909 | Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | 7.8 |
| 2018-08-27 | CVE-2018-15908 | In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | 7.8 |
| 2018-05-24 | CVE-2018-1000039 | Use After Free vulnerability in Artifex Mupdf In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | 7.8 |
| 2018-05-24 | CVE-2018-1000038 | Out-of-bounds Write vulnerability in Artifex Mupdf In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. | 7.8 |
| 2018-04-24 | CVE-2016-8729 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.9 An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. | 7.8 |
| 2018-04-24 | CVE-2016-8728 | Out-of-bounds Write vulnerability in Artifex Mupdf 1.10 An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. | 7.8 |
| 2018-04-18 | CVE-2018-10194 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2018-02-09 | CVE-2018-1000051 | Use After Free vulnerability in multiple products Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. | 7.8 |
| 2018-01-22 | CVE-2017-17858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.12.0 Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | 7.8 |