Artifex


Products by Artifex Sorted by Most Security Vulnerabilities since 2018

Artifex Ghostscript: 111 vulnerabilities

Artifex Mupdf: 51 vulnerabilities

Artifex Mujs: 15 vulnerabilities

Artifex Gpl Ghostscript: 9 vulnerabilities

Artifex Jbig2dec: 3 vulnerabilities

Artifex Ghostpcl: 1 vulnerability

Known Exploited Artifex Vulnerabilities

The following Artifex vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: Artifex Ghostscript Type Confusion Vulnerability
Description: Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
CVE: CVE-2017-8291 (Exploit Probability: 92.9%)
Added: May 24, 2022

The vulnerability CVE-2017-8291: Artifex Ghostscript Type Confusion Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 17 vulnerabilities in Artifex with an average score of 6.4 out of ten. Last year, in 2024, Artifex had 20 security vulnerabilities published. Right now, Artifex is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 1.08.




Year Vulnerabilities Average Score
2025 17 6.44
2024 20 7.52
2023 20 7.16
2022 12 7.02
2021 5 6.30
2020 31 6.07
2019 19 7.60
2018 48 6.88

It may take a day or so for new Artifex vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Artifex Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-55780 Sep 23, 2025
MuPDF 1.26.4 NPE in break_word_for_overflow_wrap() during EPUB rendering
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.
Mupdf

CVE-2025-59801 Sep 22, 2025
Stack overflow in Artifex GhostXPS before 10.06 via xps_unpredict_tiff
In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.

CVE-2025-59800 Sep 22, 2025
Int Overflow in Artifex Ghostscript 10.05.1 OCR Module Heap Buffer Overflow
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
Ghostscript

CVE-2025-59799 Sep 22, 2025
Artifex Ghostscript 10.05.1 Stack Overflow via pdfmark_coerce_dest
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
Ghostscript

CVE-2025-59798 Sep 22, 2025
Artifex Ghostscript 10.05.1 Stack Buffer Overflow CVE-2025-59798
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
Ghostscript

CVE-2025-46206 Aug 04, 2025
DoS via Infinite Recursion in mutool clean (Artifex MuPDF 1.25.5/1.25.6)
An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion
Mupdf

CVE-2025-7462 Jul 12, 2025
Artifex GhostPDL Remote DoS via NULL PTR Deref in pdf_ferror
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue.
Ghostscript

CVE-2025-48708 May 23, 2025
Ghostscript Pre-10.05.1 Cleartext Password Leak via Unsanitized # Argument
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Ghostscript

CVE-2025-46646 Apr 26, 2025
Ghostscript <10.05.0 Overlong UTF-8 Decode, gp_utf8.c
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Ghostscript

CVE-2025-27837 Mar 25, 2025
Ghostscript <=10.05.0 LFI via Invalid UTF-8 in winrtsup.cpp
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
Ghostscript

CVE-2025-27836 Mar 25, 2025
Ghostscript Buffer Overflow CVE-2025-27836 (BJ10V) before 10.05.0
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
Ghostscript

CVE-2025-27835 Mar 25, 2025
Ghostscript <10.05.0 Buffer Overflow in psi/zbfont.c Unicode Glyph Conversion
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
Ghostscript

CVE-2025-27834 Mar 25, 2025
Ghostscript <10.05.0 buf ovf via oversized Type 4 PDF func
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
Ghostscript

CVE-2025-27833 Mar 25, 2025
Artifex Ghostscript <10.05.0 Buffer Overflow via TTF Font Name in pdf/pdf_fmap.c
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
Ghostscript

CVE-2025-27832 Mar 25, 2025
Ghostscript 10.05.0 NPDL Device Compression Buffer Overflow
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
Ghostscript

CVE-2025-27831 Mar 25, 2025
Text Buffer Overflow in Artifex Ghostscript DOCXWRITE TXTWRITE Device <10.05.0
An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
Ghostscript

CVE-2025-27830 Mar 25, 2025
Ghostscript <10.05 Buffer Overflow in DollarBlend Font Serialization
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
Ghostscript

CVE-2024-46657 Dec 10, 2024
Artifex Software MuPDF Segmentation Fault Vulnerability in pdfextract Component
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Mupdf

CVE-2024-46952 Nov 10, 2024
Ghostscript PDF XRef Buffer Overflow
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
Ghostscript

CVE-2024-46953 Nov 10, 2024
Ghostscript 10.03 Path Traversal Overflow
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Ghostscript

CVE-2024-46954 Nov 10, 2024
Ghostscript 10.03.1 UTF-8 Traversal Flaw
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
Ghostscript

CVE-2024-46955 Nov 10, 2024
Ghostscript 10.03 Indexed Color OOB Read
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
Ghostscript

CVE-2024-46956 Nov 10, 2024
Ghostscript 10.03 Out-of-Bounds Access
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Ghostscript

CVE-2024-46951 Nov 10, 2024
Ghostscript 10.03 Pattern Color Space RCE
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Ghostscript

CVE-2024-33870 Jul 03, 2024
Ghostscript <=10.03.1 Path Traversal via Crafting PS Docs
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
Ghostscript

CVE-2024-33869 Jul 03, 2024
Artifex Ghostscript <10.03.1: Path Traversal & Command Exec
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
Ghostscript

CVE-2024-29511 Jul 03, 2024
Ghostscript <=10.03.1 Tesseract OCR Directory Traversal
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
Ghostscript

CVE-2024-29510 Jul 03, 2024
Artifex Ghostscript before 10.03.1 memory corruption via format string (uniprint)
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
Ghostscript

CVE-2024-29507 Jul 03, 2024
Ghostscript <10.03.0 Stack BOverflow via CIDFSubstPath & CIDFSubstFont
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Ghostscript

CVE-2024-33871 Jul 03, 2024
Arbitrary Code Exec in Artifex Ghostscript <10.03.1 via Driver Lib
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
Ghostscript

CVE-2024-29509 Jul 03, 2024
Heap Overflow in Ghostscript <=10.03.0 via PDFPassword with NUL
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Ghostscript

CVE-2024-29508 Jul 03, 2024
Artifex Ghostscript 10.03.0 Heap-Based Pointer Disclosure in pdf_base_font_alloc
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
Ghostscript

CVE-2024-29506 Jul 03, 2024
Ghostscript 10.03 Buffer Overflow via long PDF Filter name
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
Ghostscript

CVE-2023-52722 Apr 28, 2024
Ghostscript <10.03.1: eexec Seed Bypass in SAFER Mode (psi/zmisc1.c)
An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.
Ghostscript

CVE-2024-24258 Feb 05, 2024
freeglut 3.4.0 mem leak via menuEntry in glutAddSubMenu
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
Mupdf

CVE-2024-24259 Feb 05, 2024
FreeGLUT <=3.4.0 Memory Leak via glutAddMenuEntry
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
Mupdf

CVE-2020-36773 Feb 04, 2024
Artifex Ghostscript <9.53.0 OOB Write/UA-Free in txtwrite
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Ghostscript

CVE-2023-51104 Dec 26, 2023
MuPDF 1.23.4 FP Exception via pnm_binary_read_image() Divz
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.
Mupdf

CVE-2023-51105 Dec 26, 2023
MuPDF 1.23.4: Float Exception in bmp_decompress_rle4() BMP Decompressor
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.
Mupdf

CVE-2023-51106 Dec 26, 2023
FP Exception in MuPDF 1.23.4 pnm_binary_read_image
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
Mupdf

CVE-2023-51107 Dec 26, 2023
MuPDF 1.23.4 Divide-by-Zero in compute_color() FPE Vulnerability
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product.
Mupdf

CVE-2023-51103 Dec 26, 2023
Artifex MuPDF 1.23.4 FP divide-by-zero in pixmap.c
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.
Mupdf

CVE-2023-46751 Dec 06, 2023
Ghostscript <10.02.0 DoS via dangling pointer in gdev_prn_open_printer_seekable
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 that allows remote attackers to crash the application via a dangling pointer.
Ghostscript

CVE-2023-46361 Oct 31, 2023
jbig2dec v0.20 SEGV via jbig2_error at jbig2.c
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.
Jbig2dec

CVE-2023-31794 Oct 31, 2023
MuPDF 1.21.1 DoS via Infinite Recursion in pdf_mark_list_push
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Mupdf

CVE-2023-43115 Sep 18, 2023
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Ghostscript

CVE-2023-4042 Aug 23, 2023
A flaw was found in ghostscript
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
Ghostscript

CVE-2020-21710 Aug 22, 2023
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.
Ghostscript

CVE-2020-21890 Aug 22, 2023
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.
Ghostscript

CVE-2020-26683 Aug 22, 2023
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.
Mupdf

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).