Artifex: Security Vulnerabilities
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-05-18
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-25
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-04-14
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score
9.9
EPSS Score
0.093
Published
2022-02-16
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-02-14
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVSS Score
5.5
EPSS Score
0.003
Published
2022-01-01
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-01
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-07-21
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
CVSS Score
5.5
EPSS Score
0.005
Published
2021-07-21
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-07-13