Find a vulnerability
Search criteria
523 vulnerabilities by Artifex
CVE-2025-71382 (GCVE-0-2025-71382)
Vulnerability from nvd – Published: 2026-06-23 17:21 – Updated: 2026-06-23 17:36 X_Open Source- CWE-674 - Uncontrolled Recursion
| URL | Tags |
|---|---|
| https://github.com/ArtifexSoftware/mupdf/releases… | release-notes |
| https://bugs.ghostscript.com/show_bug.cgi?id=708840 | technical-descriptionexploit |
| https://github.com/ArtifexSoftware/mupdf/commit/7… | patch |
| https://www.vulncheck.com/advisories/mupdf-rc1-st… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| ArtifexSoftware | mupdf |
Affected:
0 , < 1.27.0-rc1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T17:36:25.366763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:36:36.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "mupdf",
"repo": "https://github.com/ArtifexSoftware/mupdf",
"vendor": "ArtifexSoftware",
"versions": [
{
"lessThan": "1.27.0-rc1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ishayu Potey"
}
],
"datePublic": "2025-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:21:48.562Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0-rc1"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708840"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ArtifexSoftware/mupdf/commit/70b71ab22e6de4d4c44cd301c88231f623a4e94e"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mupdf-rc1-stack-exhaustion-dos-via-epub-css-rendering"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "MuPDF \u003c 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71382",
"datePublished": "2026-06-23T17:21:48.562Z",
"dateReserved": "2026-06-23T17:14:32.284Z",
"dateUpdated": "2026-06-23T17:36:36.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7233 (GCVE-0-2026-7233)
Vulnerability from nvd – Published: 2026-04-28 06:00 – Updated: 2026-05-05 20:23| URL | Tags |
|---|---|
| https://vuldb.com/vuln/359840 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/359840/cti | signaturepermissions-required |
| https://vuldb.com/submit/802590 | third-party-advisory |
| https://bugs.ghostscript.com/show_bug.cgi?id=709328 | issue-tracking |
| https://github.com/biniamf/pocs/tree/main/mupdf-c… | exploit |
| https://artifex.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | MuPDF |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 Affected: 1.6 Affected: 1.7 Affected: 1.8 Affected: 1.9 Affected: 1.10 Affected: 1.11 Affected: 1.12 Affected: 1.13 Affected: 1.14 Affected: 1.15 Affected: 1.16 Affected: 1.17 Affected: 1.18 Affected: 1.19 Affected: 1.20 Affected: 1.21 Affected: 1.22 Affected: 1.23 Affected: 1.24 Affected: 1.25 Affected: 1.26 Affected: 1.27 Affected: 1.28.0 cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7233",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:14:06.670638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T20:23:51.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/802590"
},
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=709328"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*"
],
"modules": [
"CFF Index Handler"
],
"product": "MuPDF",
"vendor": "Artifex",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.16"
},
{
"status": "affected",
"version": "1.17"
},
{
"status": "affected",
"version": "1.18"
},
{
"status": "affected",
"version": "1.19"
},
{
"status": "affected",
"version": "1.20"
},
{
"status": "affected",
"version": "1.21"
},
{
"status": "affected",
"version": "1.22"
},
{
"status": "affected",
"version": "1.23"
},
{
"status": "affected",
"version": "1.24"
},
{
"status": "affected",
"version": "1.25"
},
{
"status": "affected",
"version": "1.26"
},
{
"status": "affected",
"version": "1.27"
},
{
"status": "affected",
"version": "1.28.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "biniam (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T06:00:18.874Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359840 | Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/359840"
},
{
"name": "VDB-359840 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359840/cti"
},
{
"name": "Submit #802590 | Artifex MuPDF 1.28 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/802590"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=709328"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread"
},
{
"tags": [
"product"
],
"url": "https://artifex.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-27T19:05:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7233",
"datePublished": "2026-04-28T06:00:18.874Z",
"dateReserved": "2026-04-27T17:00:07.970Z",
"dateUpdated": "2026-05-05T20:23:51.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40505 (GCVE-0-2026-40505)
Vulnerability from nvd – Published: 2026-04-16 01:20 – Updated: 2026-04-17 16:32- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
| URL | Tags |
|---|---|
| https://github.com/ArtifexSoftware/mupdf/releases… | release-notes |
| https://github.com/ArtifexSoftware/mupdf/commit/0… | patch |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mup… | issue-tracking |
| https://www.vulncheck.com/advisories/mupdf-mutool… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex Software Inc. | MuPDF |
Affected:
0 , < 1.27.0
(semver)
Affected: 0f17d789fe8c29b41e47663be82514aaca3a4dfb (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T13:53:13.801290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T13:53:40.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MuPDF",
"vendor": "Artifex Software Inc.",
"versions": [
{
"lessThan": "1.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "0f17d789fe8c29b41e47663be82514aaca3a4dfb",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Niel Duysters"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T16:32:45.810Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ArtifexSoftware/mupdf/commit/0f17d789fe8c29b41e47663be82514aaca3a4dfb"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0f17d789fe8c29b41e47663be82514aaca3a4dfb"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mupdf-mutool-ansi-injection-via-metadata"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MuPDF \u003c 1.27 mutool ANSI Injection via Metadata",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-40505",
"datePublished": "2026-04-16T01:20:08.397Z",
"dateReserved": "2026-04-13T20:29:02.808Z",
"dateUpdated": "2026-04-17T16:32:45.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15569 (GCVE-0-2025-15569)
Vulnerability from nvd – Published: 2026-02-10 10:02 – Updated: 2026-02-23 09:54| URL | Tags |
|---|---|
| https://vuldb.com/?id.344924 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344924 | signaturepermissions-required |
| https://vuldb.com/?submit.750978 | third-party-advisory |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mup… | patch |
| https://casper.mupdf.com/downloads/archive/mupdf-… | patch |
| https://artifex.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T14:36:11.207289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:00:15.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*"
],
"product": "MuPDF",
"vendor": "Artifex",
"versions": [
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "unaffected",
"version": "1.26.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nmaochea (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:54:58.415Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344924 | Artifex MuPDF win_main.c get_system_dpi uncontrolled search path",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344924"
},
{
"name": "VDB-344924 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344924"
},
{
"name": "Submit #750978 | Artifex Software MuPDF 1.26.2 Uncontrolled Search Path",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750978"
},
{
"tags": [
"patch"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ebb125334eb007d64e579204af3c264aadf2e244"
},
{
"tags": [
"patch"
],
"url": "https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zip"
},
{
"tags": [
"product"
],
"url": "https://artifex.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2026-02-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-16T05:26:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Artifex MuPDF win_main.c get_system_dpi uncontrolled search path"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15569",
"datePublished": "2026-02-10T10:02:09.074Z",
"dateReserved": "2026-02-08T08:06:04.188Z",
"dateUpdated": "2026-02-23T09:54:58.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25556 (GCVE-0-2026-25556)
Vulnerability from nvd – Published: 2026-02-06 16:11 – Updated: 2026-05-25 23:41- CWE-415 - Double Free
| URL | Tags |
|---|---|
| https://bugs.ghostscript.com/show_bug.cgi?id=709029 | issue-tracking |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mup… | patch |
| https://mupdf.com/ | product |
| https://www.vulncheck.com/advisories/mupdf-barcod… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex Software | MuPDF |
Affected:
1.23.0 , ≤ 1.27.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25556",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:34:46.909949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:35:11.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MuPDF",
"repo": "https://github.com/ArtifexSoftware/mupdf",
"vendor": "Artifex Software",
"versions": [
{
"lessThanOrEqual": "1.27.0",
"status": "affected",
"version": "1.23.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.27.0",
"versionStartIncluding": "1.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pavel Kohout, Aisle Research (www.aisle.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes."
}
],
"value": "MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:43.536Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=709029"
},
{
"tags": [
"patch"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1"
},
{
"tags": [
"product"
],
"url": "https://mupdf.com/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mupdf-barcode-decoding-double-free"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MuPDF 1.23.0 through 1.27.0 Barcode Decoding Double Free",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-25556",
"datePublished": "2026-02-06T16:11:59.926Z",
"dateReserved": "2026-02-02T20:12:33.395Z",
"dateUpdated": "2026-05-25T23:41:43.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55780 (GCVE-0-2025-55780)
Vulnerability from nvd – Published: 2025-09-23 00:00 – Updated: 2025-09-25 14:47- n/a
- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:36:54.825635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:37:31.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node-\u003enext is valid before accessing node-\u003enext-\u003eoverflow_wrap, resulting in a crash if the split fails or returns a partial node chain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:47:03.426Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708720"
},
{
"url": "https://github.com/ISH2YU/CVE-2025-55780/tree/main"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=bdd5d241748807378a78a622388e0312332513c5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-55780",
"datePublished": "2025-09-23T00:00:00.000Z",
"dateReserved": "2025-08-16T00:00:00.000Z",
"dateUpdated": "2025-09-25T14:47:03.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59801 (GCVE-0-2025-59801)
Vulnerability from nvd – Published: 2025-09-22 00:00 – Updated: 2025-09-23 13:53- CWE-121 - Stack-based Buffer Overflow
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:53:38.177425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:53:45.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GhostXPS",
"vendor": "Artifex",
"versions": [
{
"lessThan": "10.06.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:11:41.392Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708819"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=99727069197d548a8db69ba5d63f766bff40eaab"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59801",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-09-23T13:53:45.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59800 (GCVE-0-2025-59800)
Vulnerability from nvd – Published: 2025-09-22 00:00 – Updated: 2025-09-23 13:52- CWE-190 - Integer Overflow or Wraparound
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , ≤ 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:52:31.404135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:52:36.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708602"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThanOrEqual": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:13:45.893Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708602"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=176cf0188a2294bc307b8caec876f39412e58350"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59800",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-09-23T13:52:36.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59799 (GCVE-0-2025-59799)
Vulnerability from nvd – Published: 2025-09-22 00:00 – Updated: 2025-11-03 17:45- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , ≤ 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:48:50.543754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:48:53.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708517"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:21.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThanOrEqual": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:15:40.170Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708517"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59799",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T17:45:21.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59798 (GCVE-0-2025-59798)
Vulnerability from nvd – Published: 2025-09-22 00:00 – Updated: 2025-11-03 17:45- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , ≤ 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:54:24.175934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:54:26.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708539"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:20.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThanOrEqual": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:17:16.835Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708539"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0cae41b23a9669e801211dd4cf97b6dadd6dbdd7"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59798",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T17:45:20.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-46206 (GCVE-0-2025-46206)
Vulnerability from nvd – Published: 2025-08-04 00:00 – Updated: 2025-08-05 16:46- n/a
- CWE-674 - Uncontrolled Recursion
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T19:39:29.697256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:46:11.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T17:05:45.652Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://artifex.com"
},
{
"url": "http://mupdf.com"
},
{
"url": "https://github.com/Landw-hub/CVE-2025-46206"
},
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708521"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46206",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-08-05T16:46:11.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7462 (GCVE-0-2025-7462)
Vulnerability from nvd – Published: 2025-07-12 05:32 – Updated: 2025-11-03 17:45| URL | Tags |
|---|---|
| https://vuldb.com/?id.316113 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.316113 | signaturepermissions-required |
| https://vuldb.com/?submit.610173 | third-party-advisory |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/gho… | patch |
| https://artifex.com/ | product |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T19:13:25.998841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:12:52.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:29.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"New Output File Open Error Handler"
],
"product": "GhostPDL",
"vendor": "Artifex",
"versions": [
{
"status": "affected",
"version": "3989415a5b8e99b9d1b87cc9902bde9b7cdea145"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CyberGym (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Artifex GhostPDL bis 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion pdf_ferror der Datei devices/vector/gdevpdf.c der Komponente New Output File Open Error Handler. Mittels Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 619a106ba4c4abed95110f84d5efcd7aee38c7cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T05:32:09.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316113 | Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316113"
},
{
"name": "VDB-316113 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316113"
},
{
"name": "Submit #610173 | ArtifexSoftware GhostPDL 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.610173"
},
{
"tags": [
"patch"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4"
},
{
"tags": [
"product"
],
"url": "https://artifex.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-11T13:34:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7462",
"datePublished": "2025-07-12T05:32:09.177Z",
"dateReserved": "2025-07-11T11:26:03.018Z",
"dateUpdated": "2025-11-03T17:45:29.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48708 (GCVE-0-2025-48708)
Vulnerability from nvd – Published: 2025-05-23 00:00 – Updated: 2025-05-24 00:11- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , < 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T13:21:22.077960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T13:21:34.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-24T00:11:29.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThan": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T14:20:13.175Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708446"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-48708",
"datePublished": "2025-05-23T00:00:00.000Z",
"dateReserved": "2025-05-23T00:00:00.000Z",
"dateUpdated": "2025-05-24T00:11:29.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46646 (GCVE-0-2025-46646)
Vulnerability from nvd – Published: 2025-04-26 00:00 – Updated: 2025-04-29 15:23- CWE-24 - Path Traversal: '../filedir'
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , < 10.05.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T13:44:40.556076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T15:23:02.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThan": "10.05.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.05.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T14:33:54.235Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708311"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46646",
"datePublished": "2025-04-26T00:00:00.000Z",
"dateReserved": "2025-04-26T00:00:00.000Z",
"dateUpdated": "2025-04-29T15:23:02.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-71382 (GCVE-0-2025-71382)
Vulnerability from cvelistv5 – Published: 2026-06-23 17:21 – Updated: 2026-06-23 17:36 X_Open Source- CWE-674 - Uncontrolled Recursion
| URL | Tags |
|---|---|
| https://github.com/ArtifexSoftware/mupdf/releases… | release-notes |
| https://bugs.ghostscript.com/show_bug.cgi?id=708840 | technical-descriptionexploit |
| https://github.com/ArtifexSoftware/mupdf/commit/7… | patch |
| https://www.vulncheck.com/advisories/mupdf-rc1-st… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| ArtifexSoftware | mupdf |
Affected:
0 , < 1.27.0-rc1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T17:36:25.366763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:36:36.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "mupdf",
"repo": "https://github.com/ArtifexSoftware/mupdf",
"vendor": "ArtifexSoftware",
"versions": [
{
"lessThan": "1.27.0-rc1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ishayu Potey"
}
],
"datePublic": "2025-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MuPDF before 1.27.0-rc1 contains an uncontrolled recursion vulnerability in the EPUB CSS rendering engine that allows remote attackers to cause a denial of service by supplying a maliciously crafted EPUB file with deeply nested HTML elements and inline CSS styles. The function value_from_inheritable_property() in css-apply.c recurses through the CSS property inheritance chain without a depth limit, exhausting the process stack and causing a crash in any application using MuPDF for EPUB rendering."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T17:21:48.562Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0-rc1"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708840"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ArtifexSoftware/mupdf/commit/70b71ab22e6de4d4c44cd301c88231f623a4e94e"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mupdf-rc1-stack-exhaustion-dos-via-epub-css-rendering"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "MuPDF \u003c 1.27.0-rc1 Stack Exhaustion DoS via EPUB CSS Rendering",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71382",
"datePublished": "2026-06-23T17:21:48.562Z",
"dateReserved": "2026-06-23T17:14:32.284Z",
"dateUpdated": "2026-06-23T17:36:36.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7233 (GCVE-0-2026-7233)
Vulnerability from cvelistv5 – Published: 2026-04-28 06:00 – Updated: 2026-05-05 20:23| URL | Tags |
|---|---|
| https://vuldb.com/vuln/359840 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/359840/cti | signaturepermissions-required |
| https://vuldb.com/submit/802590 | third-party-advisory |
| https://bugs.ghostscript.com/show_bug.cgi?id=709328 | issue-tracking |
| https://github.com/biniamf/pocs/tree/main/mupdf-c… | exploit |
| https://artifex.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | MuPDF |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 Affected: 1.6 Affected: 1.7 Affected: 1.8 Affected: 1.9 Affected: 1.10 Affected: 1.11 Affected: 1.12 Affected: 1.13 Affected: 1.14 Affected: 1.15 Affected: 1.16 Affected: 1.17 Affected: 1.18 Affected: 1.19 Affected: 1.20 Affected: 1.21 Affected: 1.22 Affected: 1.23 Affected: 1.24 Affected: 1.25 Affected: 1.26 Affected: 1.27 Affected: 1.28.0 cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7233",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:14:06.670638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T20:23:51.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/802590"
},
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=709328"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*"
],
"modules": [
"CFF Index Handler"
],
"product": "MuPDF",
"vendor": "Artifex",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.16"
},
{
"status": "affected",
"version": "1.17"
},
{
"status": "affected",
"version": "1.18"
},
{
"status": "affected",
"version": "1.19"
},
{
"status": "affected",
"version": "1.20"
},
{
"status": "affected",
"version": "1.21"
},
{
"status": "affected",
"version": "1.22"
},
{
"status": "affected",
"version": "1.23"
},
{
"status": "affected",
"version": "1.24"
},
{
"status": "affected",
"version": "1.25"
},
{
"status": "affected",
"version": "1.26"
},
{
"status": "affected",
"version": "1.27"
},
{
"status": "affected",
"version": "1.28.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "biniam (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T06:00:18.874Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359840 | Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/359840"
},
{
"name": "VDB-359840 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359840/cti"
},
{
"name": "Submit #802590 | Artifex MuPDF 1.28 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/802590"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=709328"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/biniamf/pocs/tree/main/mupdf-cff-indexload-oobread"
},
{
"tags": [
"product"
],
"url": "https://artifex.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-27T19:05:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Artifex MuPDF CFF Index subset-cff.c fz_subset_cff_for_gids out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7233",
"datePublished": "2026-04-28T06:00:18.874Z",
"dateReserved": "2026-04-27T17:00:07.970Z",
"dateUpdated": "2026-05-05T20:23:51.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40505 (GCVE-0-2026-40505)
Vulnerability from cvelistv5 – Published: 2026-04-16 01:20 – Updated: 2026-04-17 16:32- CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences
| URL | Tags |
|---|---|
| https://github.com/ArtifexSoftware/mupdf/releases… | release-notes |
| https://github.com/ArtifexSoftware/mupdf/commit/0… | patch |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mup… | issue-tracking |
| https://www.vulncheck.com/advisories/mupdf-mutool… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex Software Inc. | MuPDF |
Affected:
0 , < 1.27.0
(semver)
Affected: 0f17d789fe8c29b41e47663be82514aaca3a4dfb (git) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T13:53:13.801290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T13:53:40.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MuPDF",
"vendor": "Artifex Software Inc.",
"versions": [
{
"lessThan": "1.27.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "0f17d789fe8c29b41e47663be82514aaca3a4dfb",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Niel Duysters"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T16:32:45.810Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://github.com/ArtifexSoftware/mupdf/releases/tag/1.27.0"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ArtifexSoftware/mupdf/commit/0f17d789fe8c29b41e47663be82514aaca3a4dfb"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0f17d789fe8c29b41e47663be82514aaca3a4dfb"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mupdf-mutool-ansi-injection-via-metadata"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MuPDF \u003c 1.27 mutool ANSI Injection via Metadata",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-40505",
"datePublished": "2026-04-16T01:20:08.397Z",
"dateReserved": "2026-04-13T20:29:02.808Z",
"dateUpdated": "2026-04-17T16:32:45.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15569 (GCVE-0-2025-15569)
Vulnerability from cvelistv5 – Published: 2026-02-10 10:02 – Updated: 2026-02-23 09:54| URL | Tags |
|---|---|
| https://vuldb.com/?id.344924 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344924 | signaturepermissions-required |
| https://vuldb.com/?submit.750978 | third-party-advisory |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mup… | patch |
| https://casper.mupdf.com/downloads/archive/mupdf-… | patch |
| https://artifex.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T14:36:11.207289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:00:15.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*"
],
"product": "MuPDF",
"vendor": "Artifex",
"versions": [
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "unaffected",
"version": "1.26.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nmaochea (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "Uncontrolled Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:54:58.415Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344924 | Artifex MuPDF win_main.c get_system_dpi uncontrolled search path",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344924"
},
{
"name": "VDB-344924 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344924"
},
{
"name": "Submit #750978 | Artifex Software MuPDF 1.26.2 Uncontrolled Search Path",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750978"
},
{
"tags": [
"patch"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=ebb125334eb007d64e579204af3c264aadf2e244"
},
{
"tags": [
"patch"
],
"url": "https://casper.mupdf.com/downloads/archive/mupdf-1.26.2-windows.zip"
},
{
"tags": [
"product"
],
"url": "https://artifex.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-04T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2026-02-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-16T05:26:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Artifex MuPDF win_main.c get_system_dpi uncontrolled search path"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-15569",
"datePublished": "2026-02-10T10:02:09.074Z",
"dateReserved": "2026-02-08T08:06:04.188Z",
"dateUpdated": "2026-02-23T09:54:58.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25556 (GCVE-0-2026-25556)
Vulnerability from cvelistv5 – Published: 2026-02-06 16:11 – Updated: 2026-05-25 23:41- CWE-415 - Double Free
| URL | Tags |
|---|---|
| https://bugs.ghostscript.com/show_bug.cgi?id=709029 | issue-tracking |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mup… | patch |
| https://mupdf.com/ | product |
| https://www.vulncheck.com/advisories/mupdf-barcod… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex Software | MuPDF |
Affected:
1.23.0 , ≤ 1.27.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25556",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T16:34:46.909949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:35:11.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MuPDF",
"repo": "https://github.com/ArtifexSoftware/mupdf",
"vendor": "Artifex Software",
"versions": [
{
"lessThanOrEqual": "1.27.0",
"status": "affected",
"version": "1.23.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.27.0",
"versionStartIncluding": "1.23.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pavel Kohout, Aisle Research (www.aisle.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes."
}
],
"value": "MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T23:41:43.536Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=709029"
},
{
"tags": [
"patch"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=d4743b6092d513321c23c6f7fe5cff87cde043c1"
},
{
"tags": [
"product"
],
"url": "https://mupdf.com/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mupdf-barcode-decoding-double-free"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MuPDF 1.23.0 through 1.27.0 Barcode Decoding Double Free",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-25556",
"datePublished": "2026-02-06T16:11:59.926Z",
"dateReserved": "2026-02-02T20:12:33.395Z",
"dateUpdated": "2026-05-25T23:41:43.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55780 (GCVE-0-2025-55780)
Vulnerability from cvelistv5 – Published: 2025-09-23 00:00 – Updated: 2025-09-25 14:47- n/a
- CWE-476 - NULL Pointer Dereference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:36:54.825635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:37:31.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node-\u003enext is valid before accessing node-\u003enext-\u003eoverflow_wrap, resulting in a crash if the split fails or returns a partial node chain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:47:03.426Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708720"
},
{
"url": "https://github.com/ISH2YU/CVE-2025-55780/tree/main"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=bdd5d241748807378a78a622388e0312332513c5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-55780",
"datePublished": "2025-09-23T00:00:00.000Z",
"dateReserved": "2025-08-16T00:00:00.000Z",
"dateUpdated": "2025-09-25T14:47:03.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59799 (GCVE-0-2025-59799)
Vulnerability from cvelistv5 – Published: 2025-09-22 00:00 – Updated: 2025-11-03 17:45- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , ≤ 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59799",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:48:50.543754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:48:53.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708517"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:21.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThanOrEqual": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:15:40.170Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708517"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=6dab38fb211f15226c242ab7a83fa53e4b0ff781"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59799",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T17:45:21.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59800 (GCVE-0-2025-59800)
Vulnerability from cvelistv5 – Published: 2025-09-22 00:00 – Updated: 2025-09-23 13:52- CWE-190 - Integer Overflow or Wraparound
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , ≤ 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59800",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:52:31.404135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:52:36.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708602"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThanOrEqual": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:13:45.893Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708602"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=176cf0188a2294bc307b8caec876f39412e58350"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59800",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-09-23T13:52:36.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59801 (GCVE-0-2025-59801)
Vulnerability from cvelistv5 – Published: 2025-09-22 00:00 – Updated: 2025-09-23 13:53- CWE-121 - Stack-based Buffer Overflow
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:53:38.177425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:53:45.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GhostXPS",
"vendor": "Artifex",
"versions": [
{
"lessThan": "10.06.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:11:41.392Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708819"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=99727069197d548a8db69ba5d63f766bff40eaab"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59801",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-09-23T13:53:45.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59798 (GCVE-0-2025-59798)
Vulnerability from cvelistv5 – Published: 2025-09-22 00:00 – Updated: 2025-11-03 17:45- CWE-121 - Stack-based Buffer Overflow
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , ≤ 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59798",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T13:54:24.175934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T13:54:26.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708539"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:20.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThanOrEqual": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndIncluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T03:17:16.835Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708539"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=0cae41b23a9669e801211dd4cf97b6dadd6dbdd7"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59798",
"datePublished": "2025-09-22T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T17:45:20.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-46206 (GCVE-0-2025-46206)
Vulnerability from cvelistv5 – Published: 2025-08-04 00:00 – Updated: 2025-08-05 16:46- n/a
- CWE-674 - Uncontrolled Recursion
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-04T19:39:29.697256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:46:11.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-04T17:05:45.652Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://artifex.com"
},
{
"url": "http://mupdf.com"
},
{
"url": "https://github.com/Landw-hub/CVE-2025-46206"
},
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708521"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46206",
"datePublished": "2025-08-04T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-08-05T16:46:11.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7462 (GCVE-0-2025-7462)
Vulnerability from cvelistv5 – Published: 2025-07-12 05:32 – Updated: 2025-11-03 17:45| URL | Tags |
|---|---|
| https://vuldb.com/?id.316113 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.316113 | signaturepermissions-required |
| https://vuldb.com/?submit.610173 | third-party-advisory |
| https://cgit.ghostscript.com/cgi-bin/cgit.cgi/gho… | patch |
| https://artifex.com/ | product |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T19:13:25.998841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:12:52.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:29.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"New Output File Open Error Handler"
],
"product": "GhostPDL",
"vendor": "Artifex",
"versions": [
{
"status": "affected",
"version": "3989415a5b8e99b9d1b87cc9902bde9b7cdea145"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CyberGym (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Artifex GhostPDL bis 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion pdf_ferror der Datei devices/vector/gdevpdf.c der Komponente New Output File Open Error Handler. Mittels Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Patch wird als 619a106ba4c4abed95110f84d5efcd7aee38c7cb bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T05:32:09.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316113 | Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316113"
},
{
"name": "VDB-316113 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316113"
},
{
"name": "Submit #610173 | ArtifexSoftware GhostPDL 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.610173"
},
{
"tags": [
"patch"
],
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4"
},
{
"tags": [
"product"
],
"url": "https://artifex.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-11T13:34:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Artifex GhostPDL New Output File Open Error gdevpdf.c pdf_ferror null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7462",
"datePublished": "2025-07-12T05:32:09.177Z",
"dateReserved": "2025-07-11T11:26:03.018Z",
"dateUpdated": "2025-11-03T17:45:29.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48708 (GCVE-0-2025-48708)
Vulnerability from cvelistv5 – Published: 2025-05-23 00:00 – Updated: 2025-05-24 00:11- CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , < 10.05.1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-23T13:21:22.077960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T13:21:34.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-24T00:11:29.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThan": "10.05.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.05.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-23T14:20:13.175Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708446"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b587663c623b4462f9e78686a31fd880207303ee"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-48708",
"datePublished": "2025-05-23T00:00:00.000Z",
"dateReserved": "2025-05-23T00:00:00.000Z",
"dateUpdated": "2025-05-24T00:11:29.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46646 (GCVE-0-2025-46646)
Vulnerability from cvelistv5 – Published: 2025-04-26 00:00 – Updated: 2025-04-29 15:23- CWE-24 - Path Traversal: '../filedir'
| Vendor | Product | Version | |
|---|---|---|---|
| Artifex | Ghostscript |
Affected:
0 , < 10.05.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T13:44:40.556076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T15:23:02.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ghostscript",
"vendor": "Artifex",
"versions": [
{
"lessThan": "10.05.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.05.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-26T14:33:54.235Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=708311"
},
{
"url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-46646",
"datePublished": "2025-04-26T00:00:00.000Z",
"dateReserved": "2025-04-26T00:00:00.000Z",
"dateUpdated": "2025-04-29T15:23:02.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201609-0097
Vulnerability from variot - Updated: 2025-04-13 23:27Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. MuPDF is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed.
Gentoo Linux Security Advisory GLSA 201702-12
https://security.gentoo.org/
Severity: Normal Title: MuPDF: Multiple vulnerabilities Date: February 19, 2017 Bugs: #589826, #590480, #608702, #608712 ID: 201702-12
Synopsis
Multiple vulnerabilities have been found in MuPDF, the worst of which allows remote attackers to execute arbitrary code.
Background
A lightweight PDF, XPS, and E-book viewer.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/mupdf < 1.10a-r1 >= 1.10a-r1
Description
Multiple vulnerabilities have been discovered in MuPDF. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted PDF document using MuPDF possibly resulting in the execution of arbitrary code, with the privileges of the process, or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All MuPDF users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/mupdf-1.10a-r1"
References
[ 1 ] CVE-2016-6265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6265 [ 2 ] CVE-2016-6525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6525 [ 3 ] CVE-2017-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5896
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201702-12
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--SOUkjTn8b7jo7ow0H6Cwm8HAJCjaRpMjo--
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "8.0"
},
{
"model": "mupdf",
"scope": "lte",
"trust": 1.0,
"vendor": "artifex",
"version": "1.9"
},
{
"model": "mupdf",
"scope": null,
"trust": 0.8,
"vendor": "artifex",
"version": null
},
{
"model": "gnu/linux",
"scope": "eq",
"trust": 0.8,
"vendor": "debian",
"version": "8.0"
},
{
"model": "mupdf",
"scope": "eq",
"trust": 0.3,
"vendor": "mupdf",
"version": "1.9"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "92266"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
},
{
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:artifex:mupdf",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "redrain root.",
"sources": [
{
"db": "BID",
"id": "92266"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6525",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6525",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6525",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6525",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-6525",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-239",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
},
{
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. MuPDF is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, resulting in denial-of-service conditions. Due to the nature of this issue, code execution may be possible but this has not been confirmed. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201702-12\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: MuPDF: Multiple vulnerabilities\n Date: February 19, 2017\n Bugs: #589826, #590480, #608702, #608712\n ID: 201702-12\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in MuPDF, the worst of which\nallows remote attackers to execute arbitrary code. \n\nBackground\n==========\n\nA lightweight PDF, XPS, and E-book viewer. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/mupdf \u003c 1.10a-r1 \u003e= 1.10a-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in MuPDF. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could entice a user to open a specially crafted PDF\ndocument using MuPDF possibly resulting in the execution of arbitrary\ncode, with the privileges of the process, or a Denial of Service\ncondition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll MuPDF users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/mupdf-1.10a-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2016-6265\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6265\n[ 2 ] CVE-2016-6525\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6525\n[ 3 ] CVE-2017-5896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5896\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201702-12\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--SOUkjTn8b7jo7ow0H6Cwm8HAJCjaRpMjo--\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6525"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "BID",
"id": "92266"
},
{
"db": "PACKETSTORM",
"id": "141172"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6525",
"trust": 2.8
},
{
"db": "BID",
"id": "92266",
"trust": 1.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/08/03/8",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004846",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141172",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "92266"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "PACKETSTORM",
"id": "141172"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
},
{
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"id": "VAR-201609-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16666667
},
"last_update_date": "2025-04-13T23:27:22.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 696954",
"trust": 0.8,
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=696954"
},
{
"title": "DSA-3655",
"trust": 0.8,
"url": "https://www.debian.org/security/2016/dsa-3655"
},
{
"title": "Make sure that number of colors in mesh params is valid.",
"trust": 0.8,
"url": "http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e"
},
{
"title": "Artifex MuPDF Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63625"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=696954"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2016/08/03/8"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2016/dsa-3655"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/92266"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201702-12"
},
{
"trust": 1.0,
"url": "http://git.ghostscript.com/?p=mupdf.git%3bh=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e"
},
{
"trust": 0.9,
"url": "http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6525"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6525"
},
{
"trust": 0.3,
"url": "http://www.mupdf.com/"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2016/q3/241"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6525"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6265"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6525"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-5896"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6265"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5896"
}
],
"sources": [
{
"db": "BID",
"id": "92266"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "PACKETSTORM",
"id": "141172"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
},
{
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "92266"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"db": "PACKETSTORM",
"id": "141172"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
},
{
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-02T00:00:00",
"db": "BID",
"id": "92266"
},
{
"date": "2016-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"date": "2017-02-20T22:47:02",
"db": "PACKETSTORM",
"id": "141172"
},
{
"date": "2016-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-239"
},
{
"date": "2016-09-22T15:59:04.977000",
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T02:05:00",
"db": "BID",
"id": "92266"
},
{
"date": "2016-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004846"
},
{
"date": "2016-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-239"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-6525"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "141172"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MuPDF of pdf/pdf-shade.c of pdf_load_mesh_params Heap-based buffer overflow vulnerability in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004846"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-239"
}
],
"trust": 0.6
}
}
VAR-201008-0003
Vulnerability from variot - Updated: 2025-04-11 20:11Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow. Ghostscript of TrueType bytecode interpreter Vulnerabilities exist. Ghostscript is a program for displaying PostScript files or printing files to non-PostScript printers. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to Ghostscript 8.71 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-17
http://security.gentoo.org/
Severity: Normal Title: GPL Ghostscript: Multiple vulnerabilities Date: December 13, 2014 Bugs: #264594, #300192, #332061, #437654 ID: 201412-17
Synopsis
Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/ghostscript-gpl < 9.10-r2 >= 9.10-r2
Description
Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All GPL Ghostscript users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=app-text/ghostscript-gpl-9.10-r2"
References
[ 1 ] CVE-2009-0196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0196 [ 2 ] CVE-2009-0792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0792 [ 3 ] CVE-2009-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3743 [ 4 ] CVE-2009-4270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4270 [ 5 ] CVE-2009-4897 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4897 [ 6 ] CVE-2010-1628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1628 [ 7 ] CVE-2010-2055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2055 [ 8 ] CVE-2010-4054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4054 [ 9 ] CVE-2012-4405 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4405
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-17.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: ghostscript security update Advisory ID: RHSA-2012:0095-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0095.html Issue date: 2012-02-02 CVE Names: CVE-2009-3743 CVE-2010-2055 CVE-2010-4054 CVE-2010-4820 =====================================================================
- Summary:
Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2009-3743)
It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used (to prevent the current working directory being searched first). (CVE-2010-2055)
Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820)
Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the "-P" option (to always search the current working directory first). An attacker could create a specially-crafted PostScript Type 1 or PostScript Type 2 font file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2010-4054)
Users of Ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
599564 - CVE-2010-2055 ghostscript: gs_init.ps searched in current directory despite -P- 627902 - CVE-2009-3743 ghostscript: TrueType bytecode intepreter integer overflow or wraparound 646086 - CVE-2010-4054 ghostscript: glyph data access improper input validation 771853 - CVE-2010-4820 ghostscript: CWD included in the default library search path
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm
i386: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-gtk-8.70-6.el5_7.6.i386.rpm
x86_64: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-8.70-6.el5_7.6.x86_64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm ghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm
i386: ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm
x86_64: ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm
i386: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm ghostscript-gtk-8.70-6.el5_7.6.i386.rpm
ia64: ghostscript-8.70-6.el5_7.6.ia64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.ia64.rpm ghostscript-devel-8.70-6.el5_7.6.ia64.rpm ghostscript-gtk-8.70-6.el5_7.6.ia64.rpm
ppc: ghostscript-8.70-6.el5_7.6.ppc.rpm ghostscript-8.70-6.el5_7.6.ppc64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.ppc.rpm ghostscript-debuginfo-8.70-6.el5_7.6.ppc64.rpm ghostscript-devel-8.70-6.el5_7.6.ppc.rpm ghostscript-devel-8.70-6.el5_7.6.ppc64.rpm ghostscript-gtk-8.70-6.el5_7.6.ppc.rpm
s390x: ghostscript-8.70-6.el5_7.6.s390.rpm ghostscript-8.70-6.el5_7.6.s390x.rpm ghostscript-debuginfo-8.70-6.el5_7.6.s390.rpm ghostscript-debuginfo-8.70-6.el5_7.6.s390x.rpm ghostscript-devel-8.70-6.el5_7.6.s390.rpm ghostscript-devel-8.70-6.el5_7.6.s390x.rpm ghostscript-gtk-8.70-6.el5_7.6.s390x.rpm
x86_64: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-8.70-6.el5_7.6.x86_64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.x86_64.rpm ghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
i386: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm
x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
i386: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-doc-8.70-11.el6_2.6.i686.rpm ghostscript-gtk-8.70-11.el6_2.6.i686.rpm
x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
i386: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm
ppc64: ghostscript-8.70-11.el6_2.6.ppc.rpm ghostscript-8.70-11.el6_2.6.ppc64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm ghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm
s390x: ghostscript-8.70-11.el6_2.6.s390.rpm ghostscript-8.70-11.el6_2.6.s390x.rpm ghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm ghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm
x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
i386: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-doc-8.70-11.el6_2.6.i686.rpm ghostscript-gtk-8.70-11.el6_2.6.i686.rpm
ppc64: ghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm ghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm ghostscript-devel-8.70-11.el6_2.6.ppc.rpm ghostscript-devel-8.70-11.el6_2.6.ppc64.rpm ghostscript-doc-8.70-11.el6_2.6.ppc64.rpm ghostscript-gtk-8.70-11.el6_2.6.ppc64.rpm
s390x: ghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm ghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm ghostscript-devel-8.70-11.el6_2.6.s390.rpm ghostscript-devel-8.70-11.el6_2.6.s390x.rpm ghostscript-doc-8.70-11.el6_2.6.s390x.rpm ghostscript-gtk-8.70-11.el6_2.6.s390x.rpm
x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
i386: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm
x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm
i386: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-doc-8.70-11.el6_2.6.i686.rpm ghostscript-gtk-8.70-11.el6_2.6.i686.rpm
x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2009-3743.html https://www.redhat.com/security/data/cve/CVE-2010-2055.html https://www.redhat.com/security/data/cve/CVE-2010-4054.html https://www.redhat.com/security/data/cve/CVE-2010-4820.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD4DBQFPKxQeXlSAg2UNWIIRArqLAJYndAdU+gEQ5Ki//vi/wh7KgAtYAJ9NwToi Ov6GX/QA+l4EOfr9Yj/1Qg== =6sZd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-1317-1 January 04, 2012
ghostscript vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file.
Software Description: - ghostscript: The GPL Ghostscript PostScript/PDF interpreter
Details:
It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. (CVE-2008-3520)
It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. (CVE-2008-3522)
It was discovered that Ghostscript incorrectly handled certain malformed TrueType fonts. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-3743)
It was discovered that Ghostscript incorrectly handled certain malformed Type 2 fonts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-4054)
Jonathan Foote discovered that Ghostscript incorrectly handled certain malformed JPEG-2000 image files. (CVE-2011-4516, CVE-2011-4517)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: libgs8 8.71.dfsg.2-0ubuntu7.1
Ubuntu 10.04 LTS: libgs8 8.71.dfsg.1-0ubuntu5.4
Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.4
In general, a standard system update will make all the necessary changes.
--[ Vulnerability details:
memove() is defined in string.h and has the following prototype:
void *memmove(void *dest, const void *src, size_t n);
It is worth noticing that size_t is a signed integer.
In ghostscript-8.70.dfsg.1/base/ttinterp.c we can find the following code snippet:
/******/ / MINDEX[] : move indexed element / / CodeRange : $26 */
static void Ins_MINDEX( INS_ARG ) { Long L, K; [0]
L = args[0]; [1]
if ( L<0 || L > CUR.args ) [2]
{
CUR.error = TT_Err_Invalid_Reference;
return;
}
K = CUR.stack[CUR.args - L]; [3]
memmove( (&CUR.stack[CUR.args - L ]), [4]
(&CUR.stack[CUR.args - L + 1]),
(L - 1) * sizeof ( Long ) );
CUR.stack[ CUR.args-1 ] = K;
}
[0] L is actually an unsigned long on x86. [1] L is user controled. [2] what if L is null then ? [3] will work fine with L null... [4] if L was null, then the sized passed to memmove is casted from an unsigned long to a signed integer (size_t) worthing 111111111111111111111111111111 in binary, or 0x3fffffff.
Let's now consider the third argument passed to memmove in [4]. This value is used as a counter in register ecx, resulting in the copy of a very large chunk of memory (0x3fffffff ~= 1Gb). At this time, the destination being somewhere in the heap, the appliation will eventually fill the heap segment with (unexpected) data, and the copy will fail when trying to write to the first non mapped address after the heap in the address space, generating a segmentation fault.
Experimentally, reaching this codepath has shown to be possible. The values of the registers (in particular ecx and edi) at crash time are coherent with our expectations and the explaination above :
Program received signal SIGSEGV, Segmentation fault. -------------------------------------------------------------------------[ regs eax:FFFFFFFC ebx:405B6FF4 ecx:3FF85061 edx:0807C844 eflags:00010216 esi:0826A000 edi:08269FFC esp:BFFFDD18 ebp:BFFFDD58 eip:408EFA83 cs:0073 ds:007B es:007B fs:0000 gs:0033 ss:007B o d I t s z A P c [007B:BFFFDD18]---------------------------------------------------------[stack] BFFFDD48 : E0 13 F9 FF F4 6F 5B 40 - 44 C8 07 08 00 00 00 00 .....o[@D....... BFFFDD38 : 00 00 00 00 00 00 00 00 - 01 00 00 00 0D 00 00 00 ................ BFFFDD28 : FC FF FF FF AE 42 0F 40 - 44 C8 07 08 34 CA 07 08 .....B.@D...4... BFFFDD18 : 26 00 00 00 09 69 0F 40 - 84 E1 07 08 88 E1 07 08 &....i.@........ [007B:0826A000]---------------------------------------------------------[ data] : rep movs DWORD PTR es:[edi],DWORD PTR ds:[esi]
Arbitrary code execution would require to corrupt the heap with a bit more than 1Gb of copied data without writting to invalid memory. Having the heap allocate so much data is not belived to be possible in the current situation under x86 GNU/linux.
endrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$ ldd /bin/ /sbin/ \ /usr/sbin/ /usr/local/bin/ \ /usr/local/sbin/ /usr/bin/ 2>/dev/null |grep "libgs.so|:"|grep "libgs" -B 1 /usr/sbin/lpdomatic: libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000) -- /usr/bin/directomatic: libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000) -- /usr/bin/foomatic-rip: libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000) -- /usr/bin/ghostscript: libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000) -- /usr/bin/gs: libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000) endrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$
Third party applications linking to this library may also be vulnerable.
--[ Patch:
This off by one can be mitigated by applying the following patch in
ghostscript-8.70.dfsg.1/base/ttinterp.c :
- if ( L<0 || L > CUR.args )
-
if ( L<=0 || L > CUR.args )
The patch that has actually been merged to Ghostscript is strictly equivalent.
--[ Disclosure timeline:
- 19/10/2009: Contact Vendor.
- 19/10/2009: Vendor replies to our mail asking for details.
- 26/10/2009: Recontact vendor, ask for a valid pgp key.
- 05/11/2009: Recontact vendor who failed at providing a valid pgp key.
- 15/11/2009: Receive a valid pgp key from vendor. Provide details, including two PoCs to the Vendor.
- 16/12/2009: Recontact the vendor who doesn't get back to us.
- 05/01/2010: Vendor asks for more details including a complete bug analysis and patches.
- 06/01/2010: Provide full analysis and patches to the vendor.
- 06/01/2010: Vendor claims to have silently patched the vulnerability in their development branch.
- 01/03/2010: Ping vendor, who remains silent...
- 22/03/2010: Ping vendor, who remains silent...
- 20/07/2010: Inform the CERT about the vulnearbility.
- 20/07/2010: Recontact CERT about this vulnerability.
- 03/08/2010: CERT gets back to us asking for details.
- 09/08/2010: Send available information to the CERT.
- 13/08/2010: The CERT compares our patch and the applied patch in addition to the material we provided and concludes the vendor actually did fix the vulnerability as we suggested, but silently, denying us any kind of credit.
- 14/08/2010: The CERT assigns CVE number CVE-2009-3743 to this vulnerability.
- 25/11/2010: Public disclosure.
Note: The vendor claims to follow a bounty program for coders fixing bugs in their software. From our experience, they do not practice such a thing but silently patch reported bugs instead. We hope this was merely an exception.
--[ Credits: This vulnerability was discovered by Jonathan Brossard from Toucan System.
--[ About Toucan System:
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201008-0003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.56"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.62"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.53"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.54"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.61"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.60"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.54"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.51"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.57"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.6,
"vendor": "artifex",
"version": "8.63"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.51"
},
{
"model": "ghostscript fonts",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.11"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.00"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.52"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "7.03"
},
{
"model": "ghostscript fonts",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "6.0"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "7.04"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.11"
},
{
"model": "gpl ghostscript",
"scope": "lte",
"trust": 1.0,
"vendor": "artifex",
"version": "8.70"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.15"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.50"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.14"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "6.50"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.64"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "6.0"
},
{
"model": "gpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.01"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "7.00"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "6.01"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.12"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.13"
},
{
"model": "afpl ghostscript",
"scope": "eq",
"trust": 1.0,
"vendor": "artifex",
"version": "8.50"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "artifex",
"version": null
},
{
"model": "gpl ghostscript",
"scope": "lt",
"trust": 0.8,
"vendor": "artifex",
"version": "8.71 earlier"
},
{
"model": "ghostscript",
"scope": "lt",
"trust": 0.6,
"vendor": "ghostscript",
"version": "8.71"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.15.2"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.0.1"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "5.50"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.70"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.64"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.61"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.60"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.57"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.56"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.54"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.15"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "7.07"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "7.05"
},
{
"model": "ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "ghostscript",
"version": "0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "8.50"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "8.01"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "7.07"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "7.06"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "7.05"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "7.04"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "6.53"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "6.52"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "6.51"
},
{
"model": "enterprises ghostscript 7",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.50.8"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.50.8"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.50"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10.16"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10.15"
},
{
"model": "enterprises ghostscript cl",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10.12"
},
{
"model": "enterprises ghostscript mdk",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10.10"
},
{
"model": "enterprises ghostscript mdk",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10.10-1"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10.10-1"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10.10"
},
{
"model": "enterprises ghostscript cl",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "5.10"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "4.3.2"
},
{
"model": "enterprises ghostscript",
"scope": "eq",
"trust": 0.3,
"vendor": "aladdin",
"version": "4.3"
},
{
"model": "ghostscript",
"scope": "ne",
"trust": 0.3,
"vendor": "ghostscript",
"version": "8.71"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#644319"
},
{
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"db": "BID",
"id": "42640"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
},
{
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:artifex:gpl_ghostscript",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan Brossard",
"sources": [
{
"db": "BID",
"id": "42640"
},
{
"db": "PACKETSTORM",
"id": "96130"
}
],
"trust": 0.4
},
"cve": "CVE-2009-3743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3743",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3743",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#644319",
"trust": 0.8,
"value": "0.45"
},
{
"author": "NVD",
"id": "CVE-2009-3743",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-319",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#644319"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
},
{
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow. Ghostscript of TrueType bytecode interpreter Vulnerabilities exist. Ghostscript is a program for displaying PostScript files or printing files to non-PostScript printers. \nAn attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. \nVersions prior to Ghostscript 8.71 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: GPL Ghostscript: Multiple vulnerabilities\n Date: December 13, 2014\n Bugs: #264594, #300192, #332061, #437654\n ID: 201412-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in GPL Ghostscript, the worst\nof which may allow execution of arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/ghostscript-gpl\n \u003c 9.10-r2 \u003e= 9.10-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in GPL Ghostscript. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll GPL Ghostscript users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=app-text/ghostscript-gpl-9.10-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-0196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0196\n[ 2 ] CVE-2009-0792\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0792\n[ 3 ] CVE-2009-3743\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3743\n[ 4 ] CVE-2009-4270\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4270\n[ 5 ] CVE-2009-4897\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4897\n[ 6 ] CVE-2010-1628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1628\n[ 7 ] CVE-2010-2055\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2055\n[ 8 ] CVE-2010-4054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4054\n[ 9 ] CVE-2012-4405\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4405\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-17.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: ghostscript security update\nAdvisory ID: RHSA-2012:0095-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0095.html\nIssue date: 2012-02-02\nCVE Names: CVE-2009-3743 CVE-2010-2055 CVE-2010-4054 \n CVE-2010-4820 \n=====================================================================\n\n1. Summary:\n\nUpdated ghostscript packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nGhostscript is a set of software that provides a PostScript interpreter, a\nset of C procedures (the Ghostscript library, which implements the graphics\ncapabilities in the PostScript language) and an interpreter for Portable\nDocument Format (PDF) files. An attacker could create a specially-crafted PostScript or PDF\nfile that, when interpreted, could cause Ghostscript to crash or,\npotentially, execute arbitrary code. (CVE-2009-3743)\n\nIt was found that Ghostscript always tried to read Ghostscript system\ninitialization files from the current working directory before checking\nother directories, even if a search path that did not contain the current\nworking directory was specified with the \"-I\" option, or the \"-P-\" option\nwas used (to prevent the current working directory being searched first). (CVE-2010-2055)\n\nGhostscript included the current working directory in its library search\npath by default. If a user ran Ghostscript without the \"-P-\" option in an\nattacker-controlled directory containing a specially-crafted PostScript\nlibrary file, it could cause Ghostscript to execute arbitrary PostScript\ncode. With this update, Ghostscript no longer searches the current working\ndirectory for library files by default. (CVE-2010-4820)\n\nNote: The fix for CVE-2010-4820 could possibly break existing\nconfigurations. To use the previous, vulnerable behavior, run Ghostscript\nwith the \"-P\" option (to always search the current working directory\nfirst). An attacker could create a specially-crafted\nPostScript Type 1 or PostScript Type 2 font file that, when interpreted,\ncould cause Ghostscript to crash or, potentially, execute arbitrary code. \n(CVE-2010-4054)\n\nUsers of Ghostscript are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n599564 - CVE-2010-2055 ghostscript: gs_init.ps searched in current directory despite -P-\n627902 - CVE-2009-3743 ghostscript: TrueType bytecode intepreter integer overflow or wraparound\n646086 - CVE-2010-4054 ghostscript: glyph data access improper input validation\n771853 - CVE-2010-4820 ghostscript: CWD included in the default library search path\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm\n\ni386:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-gtk-8.70-6.el5_7.6.i386.rpm\n\nx86_64:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-8.70-6.el5_7.6.x86_64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm\nghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm\n\ni386:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\nghostscript-gtk-8.70-6.el5_7.6.i386.rpm\n\nia64:\nghostscript-8.70-6.el5_7.6.ia64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.ia64.rpm\nghostscript-devel-8.70-6.el5_7.6.ia64.rpm\nghostscript-gtk-8.70-6.el5_7.6.ia64.rpm\n\nppc:\nghostscript-8.70-6.el5_7.6.ppc.rpm\nghostscript-8.70-6.el5_7.6.ppc64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.ppc.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.ppc64.rpm\nghostscript-devel-8.70-6.el5_7.6.ppc.rpm\nghostscript-devel-8.70-6.el5_7.6.ppc64.rpm\nghostscript-gtk-8.70-6.el5_7.6.ppc.rpm\n\ns390x:\nghostscript-8.70-6.el5_7.6.s390.rpm\nghostscript-8.70-6.el5_7.6.s390x.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.s390.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.s390x.rpm\nghostscript-devel-8.70-6.el5_7.6.s390.rpm\nghostscript-devel-8.70-6.el5_7.6.s390x.rpm\nghostscript-gtk-8.70-6.el5_7.6.s390x.rpm\n\nx86_64:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-8.70-6.el5_7.6.x86_64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.x86_64.rpm\nghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-doc-8.70-11.el6_2.6.i686.rpm\nghostscript-gtk-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\n\nppc64:\nghostscript-8.70-11.el6_2.6.ppc.rpm\nghostscript-8.70-11.el6_2.6.ppc64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm\n\ns390x:\nghostscript-8.70-11.el6_2.6.s390.rpm\nghostscript-8.70-11.el6_2.6.s390x.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-doc-8.70-11.el6_2.6.i686.rpm\nghostscript-gtk-8.70-11.el6_2.6.i686.rpm\n\nppc64:\nghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm\nghostscript-devel-8.70-11.el6_2.6.ppc.rpm\nghostscript-devel-8.70-11.el6_2.6.ppc64.rpm\nghostscript-doc-8.70-11.el6_2.6.ppc64.rpm\nghostscript-gtk-8.70-11.el6_2.6.ppc64.rpm\n\ns390x:\nghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm\nghostscript-devel-8.70-11.el6_2.6.s390.rpm\nghostscript-devel-8.70-11.el6_2.6.s390x.rpm\nghostscript-doc-8.70-11.el6_2.6.s390x.rpm\nghostscript-gtk-8.70-11.el6_2.6.s390x.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-doc-8.70-11.el6_2.6.i686.rpm\nghostscript-gtk-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2009-3743.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-2055.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4054.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD4DBQFPKxQeXlSAg2UNWIIRArqLAJYndAdU+gEQ5Ki//vi/wh7KgAtYAJ9NwToi\nOv6GX/QA+l4EOfr9Yj/1Qg==\n=6sZd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-1317-1\nJanuary 04, 2012\n\nghostscript vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nGhostscript could be made to crash or run programs as your login if it\nopened a specially crafted file. \n\nSoftware Description:\n- ghostscript: The GPL Ghostscript PostScript/PDF interpreter\n\nDetails:\n\nIt was discovered that Ghostscript did not correctly handle memory\nallocation when parsing certain malformed JPEG-2000 images. (CVE-2008-3520)\n\nIt was discovered that Ghostscript did not correctly handle certain\nformatting operations when parsing JPEG-2000 images. (CVE-2008-3522)\n\nIt was discovered that Ghostscript incorrectly handled certain malformed\nTrueType fonts. \nThis issue only affected Ubuntu 8.04 LTS. (CVE-2009-3743)\n\nIt was discovered that Ghostscript incorrectly handled certain malformed\nType 2 fonts. \nThis issue only affected Ubuntu 8.04 LTS. (CVE-2010-4054)\n\nJonathan Foote discovered that Ghostscript incorrectly handled certain\nmalformed JPEG-2000 image files. (CVE-2011-4516, CVE-2011-4517)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n libgs8 8.71.dfsg.2-0ubuntu7.1\n\nUbuntu 10.04 LTS:\n libgs8 8.71.dfsg.1-0ubuntu5.4\n\nUbuntu 8.04 LTS:\n libgs8 8.61.dfsg.1-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. \n\n--[ Vulnerability details:\n\nmemove() is defined in string.h and has the following prototype:\n\n void *memmove(void *dest, const void *src, size_t n);\n\nIt is worth noticing that size_t is a signed integer. \n\nIn ghostscript-8.70.dfsg.1/base/ttinterp.c we can find the following code\nsnippet:\n\n/*******************************************/\n/* MINDEX[] : move indexed element */\n/* CodeRange : $26 */\n\n static void Ins_MINDEX( INS_ARG )\n {\n Long L, K; [0]\n\n\n L = args[0]; [1]\n\n if ( L\u003c0 || L \u003e CUR.args ) [2]\n {\n CUR.error = TT_Err_Invalid_Reference;\n return;\n }\n\n K = CUR.stack[CUR.args - L]; [3]\n\n memmove( (\u0026CUR.stack[CUR.args - L ]), [4]\n (\u0026CUR.stack[CUR.args - L + 1]),\n (L - 1) * sizeof ( Long ) );\n\n CUR.stack[ CUR.args-1 ] = K;\n }\n\n\n[0] L is actually an unsigned long on x86. \n[1] L is user controled. \n[2] what if L is null then ?\n[3] will work fine with L null... \n[4] if L was null, then the sized passed to memmove is casted from an\nunsigned long to a signed integer (size_t) worthing\n111111111111111111111111111111 in binary, or 0x3fffffff. \n\n\nLet\u0027s now consider the third argument passed to memmove in [4]. This\nvalue is used as a counter in register ecx, resulting in the copy of a very\nlarge chunk of memory (0x3fffffff ~= 1Gb). At this time, the destination being\nsomewhere in the heap, the appliation will eventually fill the heap segment\nwith (unexpected) data, and the copy will fail when trying to write to the\nfirst non mapped address after the heap in the address space, generating a\nsegmentation fault. \n\nExperimentally, reaching this codepath has shown to be possible. \nThe values of the registers (in particular ecx and edi) at crash time are\ncoherent with our expectations and the explaination above :\n\nProgram received signal SIGSEGV, Segmentation fault. \n-------------------------------------------------------------------------[\nregs\n eax:FFFFFFFC ebx:405B6FF4 ecx:3FF85061 edx:0807C844\neflags:00010216\n esi:0826A000 edi:08269FFC esp:BFFFDD18 ebp:BFFFDD58 eip:408EFA83\n cs:0073 ds:007B es:007B fs:0000 gs:0033 ss:007B o d I t s z\nA P c\n[007B:BFFFDD18]---------------------------------------------------------[stack]\nBFFFDD48 : E0 13 F9 FF F4 6F 5B 40 - 44 C8 07 08 00 00 00 00\n.....o[@D....... \nBFFFDD38 : 00 00 00 00 00 00 00 00 - 01 00 00 00 0D 00 00 00\n................ \nBFFFDD28 : FC FF FF FF AE 42 0F 40 - 44 C8 07 08 34 CA 07 08\n.....B.@D...4... \nBFFFDD18 : 26 00 00 00 09 69 0F 40 - 84 E1 07 08 88 E1 07 08\n\u0026....i.@........ \n[007B:0826A000]---------------------------------------------------------[ data]\n\u003cmemmove+35\u003e: rep movs DWORD PTR es:[edi],DWORD PTR ds:[esi]\n\n\nArbitrary code execution would require to corrupt the heap with a bit more than\n1Gb of copied data without writting to invalid memory. Having the heap\nallocate so much data is not belived to be possible in the current situation\nunder x86 GNU/linux. \n\nendrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$ ldd /bin/* /sbin/* \\\n/usr/sbin/* /usr/local/bin/* \\\n/usr/local/sbin/* /usr/bin/* 2\u003e/dev/null |grep \"libgs.so\\|:\"|grep\n\"libgs\" -B 1\n/usr/sbin/lpdomatic:\n libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/directomatic:\n libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/foomatic-rip:\n libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/ghostscript:\n libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/gs:\n libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\nendrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$\n\n Third party applications linking to this library may also be vulnerable. \n\n--[ Patch:\n\n This off by one can be mitigated by applying the following patch in\n ghostscript-8.70.dfsg.1/base/ttinterp.c :\n\n- if ( L\u003c0 || L \u003e CUR.args )\n+ if ( L\u003c=0 || L \u003e CUR.args )\n\n The patch that has actually been merged to Ghostscript is strictly\n equivalent. \n\n\n\n--[ Disclosure timeline:\n\n* 19/10/2009: Contact Vendor. \n* 19/10/2009: Vendor replies to our mail asking for details. \n* 26/10/2009: Recontact vendor, ask for a valid pgp key. \n* 05/11/2009: Recontact vendor who failed at providing a valid pgp key. \n* 15/11/2009: Receive a valid pgp key from vendor. Provide details,\n including two PoCs to the Vendor. \n* 16/12/2009: Recontact the vendor who doesn\u0027t get back to us. \n* 05/01/2010: Vendor asks for more details including a complete bug analysis\n and patches. \n* 06/01/2010: Provide full analysis and patches to the vendor. \n* 06/01/2010: Vendor claims to have silently patched the vulnerability in\n their development branch. \n* 01/03/2010: Ping vendor, who remains silent... \n* 22/03/2010: Ping vendor, who remains silent... \n* 20/07/2010: Inform the CERT about the vulnearbility. \n* 20/07/2010: Recontact CERT about this vulnerability. \n* 03/08/2010: CERT gets back to us asking for details. \n* 09/08/2010: Send available information to the CERT. \n* 13/08/2010: The CERT compares our patch and the applied patch in addition\n to the material we provided and concludes the vendor actually\n did fix the vulnerability as we suggested, but silently, denying\n us any kind of credit. \n* 14/08/2010: The CERT assigns CVE number CVE-2009-3743 to this vulnerability. \n* 25/11/2010: Public disclosure. \n\nNote: The vendor claims to follow a bounty program for coders fixing bugs\n in their software. From our experience, they do not practice such a\n thing but silently patch reported bugs instead. We hope this was\n merely an exception. \n\n\n--[ Credits:\n This vulnerability was discovered by Jonathan Brossard from Toucan System. \n\n--[ About Toucan System:\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3743"
},
{
"db": "CERT/CC",
"id": "VU#644319"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"db": "BID",
"id": "42640"
},
{
"db": "PACKETSTORM",
"id": "129572"
},
{
"db": "PACKETSTORM",
"id": "109370"
},
{
"db": "PACKETSTORM",
"id": "108331"
},
{
"db": "PACKETSTORM",
"id": "96130"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#644319",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2009-3743",
"trust": 3.7
},
{
"db": "SECTRACK",
"id": "1024785",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-1734",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "HTTP://WWW.KB.CERT.ORG/VULS/ID/JALR-87YGN8",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319",
"trust": 0.6
},
{
"db": "BID",
"id": "42640",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "129572",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108331",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96130",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#644319"
},
{
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"db": "BID",
"id": "42640"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "PACKETSTORM",
"id": "129572"
},
{
"db": "PACKETSTORM",
"id": "109370"
},
{
"db": "PACKETSTORM",
"id": "108331"
},
{
"db": "PACKETSTORM",
"id": "96130"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
},
{
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"id": "VAR-201008-0003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1734"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1734"
}
]
},
"last_update_date": "2025-04-11T20:11:10.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.artifex.com/"
},
{
"title": "Ghostscript TrueType bytecode interpreter heap memory corruption patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/908"
},
{
"title": "ghostscript-8.71",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40348"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/644319"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/jalr-87ygn8"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"trust": 1.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0095.html"
},
{
"trust": 1.0,
"url": "http://www.securitytracker.com/id?1024785"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/514892/100/0/threaded"
},
{
"trust": 0.8,
"url": "https://code.google.com/p/ghostscript/source/detail?r=10602\u0026path=/trunk/gs/base/ttinterp.c"
},
{
"trust": 0.8,
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=691044"
},
{
"trust": 0.8,
"url": "http://toucan-system.com/advisories/tssa-2010-01.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3743"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu644319"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3743"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3743"
},
{
"trust": 0.3,
"url": "http://www.ghostscript.com/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100156381"
},
{
"trust": 0.3,
"url": "/archive/1/514892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4054"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2055"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4405"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4405"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4897"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2055"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0792"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4270"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1628"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4897"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4270"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-2055.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4820.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2009-3743.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4820"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2010-4054.html"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ghostscript/8.71.dfsg.1-0ubuntu5.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4517"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ghostscript/8.61.dfsg.1-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4516"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/ghostscript/8.71.dfsg.2-0ubuntu7.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1317-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3522"
},
{
"trust": 0.1,
"url": "http://www.toucan-system.com/advisories/tssa-2010-01.txt"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#644319"
},
{
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"db": "BID",
"id": "42640"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "PACKETSTORM",
"id": "129572"
},
{
"db": "PACKETSTORM",
"id": "109370"
},
{
"db": "PACKETSTORM",
"id": "108331"
},
{
"db": "PACKETSTORM",
"id": "96130"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
},
{
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#644319"
},
{
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"db": "BID",
"id": "42640"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"db": "PACKETSTORM",
"id": "129572"
},
{
"db": "PACKETSTORM",
"id": "109370"
},
{
"db": "PACKETSTORM",
"id": "108331"
},
{
"db": "PACKETSTORM",
"id": "96130"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
},
{
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-08-24T00:00:00",
"db": "CERT/CC",
"id": "VU#644319"
},
{
"date": "2010-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"date": "2010-08-24T00:00:00",
"db": "BID",
"id": "42640"
},
{
"date": "2010-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"date": "2014-12-15T20:05:03",
"db": "PACKETSTORM",
"id": "129572"
},
{
"date": "2012-02-03T00:19:10",
"db": "PACKETSTORM",
"id": "109370"
},
{
"date": "2012-01-04T15:48:27",
"db": "PACKETSTORM",
"id": "108331"
},
{
"date": "2010-11-26T12:12:12",
"db": "PACKETSTORM",
"id": "96130"
},
{
"date": "2010-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-319"
},
{
"date": "2010-08-26T21:00:01.200000",
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-06T00:00:00",
"db": "CERT/CC",
"id": "VU#644319"
},
{
"date": "2010-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1734"
},
{
"date": "2014-12-16T00:55:00",
"db": "BID",
"id": "42640"
},
{
"date": "2010-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002013"
},
{
"date": "2011-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-319"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2009-3743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "96130"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ghostscript Heap Corruption in TrueType bytecode interpreter",
"sources": [
{
"db": "CERT/CC",
"id": "VU#644319"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-319"
}
],
"trust": 0.6
}
}