artifex vulnerabilities and exploits

7.5
CVSSv2
CVE-2016-7978

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice....

4.3
CVSSv2
CVE-2017-5951

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file....

6.8
CVSSv2
CVE-2016-7976

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams....

ArtifexGhostscript
6.8
CVSSv2
CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017....

ArtifexGhostscript
4.3
CVSSv2
CVE-2018-10289

In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file....

ArtifexMupdf
6.8
CVSSv2
CVE-2018-1000039

In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file....

ArtifexMupdf
4.3
CVSSv2
CVE-2016-8674

The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file....

ArtifexMupdf
5
CVSSv2
CVE-2017-5991

An issue was discovered in Artifex Software, Inc. MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation....

ArtifexMupdf
9.3
CVSSv2
CVE-2009-4897

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name....

9.3
CVSSv2
CVE-2012-4875

** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was...