Vulnerabilities > Artifex > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-05 | CVE-2018-16541 | Use After Free vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. | 5.5 |
| 2018-09-05 | CVE-2018-16539 | Information Exposure vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | 5.5 |
| 2018-06-01 | CVE-2018-11645 | Information Exposure vulnerability in Artifex Ghostscript psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | 5.3 |
| 2018-05-24 | CVE-2018-1000040 | Improper Input Validation vulnerability in multiple products In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | 5.5 |
| 2018-05-24 | CVE-2018-1000037 | Improper Input Validation vulnerability in multiple products In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | 5.5 |
| 2018-05-24 | CVE-2018-1000036 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | 5.5 |
| 2018-04-24 | CVE-2016-9601 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. | 5.5 |
| 2018-04-22 | CVE-2018-10289 | Infinite Loop vulnerability in multiple products In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. | 5.5 |
| 2018-02-02 | CVE-2018-6544 | Uncontrolled Recursion vulnerability in multiple products pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of service via a crafted PDF document. | 5.5 |
| 2018-01-24 | CVE-2018-6192 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | 5.5 |