Vendor
Artifex
Products
10
CVEs
86
Across products
268
Status
Private
Products
10- 84 CVEs
- 68 CVEs
- 61 CVEs
- 22 CVEs
- 9 CVEs
- 8 CVEs
- 7 CVEs
- 5 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
86| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8291 | Hig | 0.73 | 7.8 | 0.93 | KEV | Apr 27, 2017 | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. |
| CVE-2016-10141 | Cri | 0.64 | 9.8 | 0.01 | Jan 13, 2017 | An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. | |
| CVE-2016-7505 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2016 | A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition. | |
| CVE-2016-7504 | Cri | 0.64 | 9.8 | 0.01 | Oct 29, 2016 | A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition. | |
| CVE-2017-6060 | Hig | 0.54 | 7.8 | 0.03 | Mar 15, 2017 | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | |
| CVE-2017-5991 | Hig | 0.53 | 7.5 | 0.18 | Feb 15, 2017 | An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. | |
| CVE-2026-3308 | Hig | 0.51 | 7.8 | 0.00 | Mar 31, 2026 | An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution. | |
| CVE-2017-15587 | Hig | 0.51 | 7.8 | 0.00 | Oct 18, 2017 | An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | |
| CVE-2017-14947 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2017 | Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359." | |
| CVE-2017-14946 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2017 | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e." | |
| CVE-2017-14945 | Hig | 0.51 | 7.8 | 0.00 | Sep 30, 2017 | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." | |
| CVE-2017-14687 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | |
| CVE-2017-14686 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | |
| CVE-2017-14685 | Hig | 0.51 | 7.8 | 0.00 | Sep 22, 2017 | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | |
| CVE-2017-11714 | Hig | 0.51 | 7.8 | 0.00 | Jul 28, 2017 | psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | |
| CVE-2017-9835 | Hig | 0.51 | 7.8 | 0.00 | Jul 26, 2017 | The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | |
| CVE-2017-9740 | Hig | 0.51 | 7.8 | 0.00 | Jul 26, 2017 | The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2017-9739 | Hig | 0.51 | 7.8 | 0.01 | Jul 26, 2017 | The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2017-9727 | Hig | 0.51 | 7.8 | 0.01 | Jul 26, 2017 | The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2017-9726 | Hig | 0.51 | 7.8 | 0.01 | Jul 26, 2017 | The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. |