Artifex
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Artifex product.
RSS Feeds for Artifex security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Artifex products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Artifex Sorted by Most Security Vulnerabilities since 2018
Known Exploited Artifex Vulnerabilities
The following Artifex vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Artifex Ghostscript Type Confusion Vulnerability |
Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. CVE-2017-8291 Exploit Probability: 92.5% |
May 24, 2022 |
The vulnerability CVE-2017-8291: Artifex Ghostscript Type Confusion Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2025 there have been 10 vulnerabilities in Artifex with an average score of 3.3 out of ten. Last year, in 2024 Artifex had 20 security vulnerabilities published. Right now, Artifex is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 4.22
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 10 | 3.30 |
| 2024 | 20 | 7.52 |
| 2023 | 20 | 7.08 |
| 2022 | 12 | 7.02 |
| 2021 | 5 | 6.30 |
| 2020 | 31 | 6.07 |
| 2019 | 19 | 7.60 |
| 2018 | 48 | 6.88 |
It may take a day or so for new Artifex vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Artifex Security Vulnerabilities
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case
CVE-2025-48708
3.3 - Low
- May 23, 2025
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Improper Removal of Sensitive Information Before Storage or Transfer
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding
CVE-2025-46646
- April 26, 2025
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27830
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27831
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27832
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27833
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27834
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27835
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27836
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
An issue was discovered in Artifex Ghostscript before 10.05.0
CVE-2025-27837
- March 25, 2025
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
Artifex Software MuPDF Segmentation Fault Vulnerability in pdfextract Component
CVE-2024-46657
- December 10, 2024
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Ghostscript PDF XRef Buffer Overflow
CVE-2024-46952
7.8 - High
- November 10, 2024
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
Classic Buffer Overflow
Ghostscript 10.03 Path Traversal Overflow
CVE-2024-46953
7.8 - High
- November 10, 2024
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Integer Overflow or Wraparound
Ghostscript 10.03.1 UTF-8 Traversal Flaw
CVE-2024-46954
7.8 - High
- November 10, 2024
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
Directory traversal
Ghostscript 10.03 Indexed Color OOB Read
CVE-2024-46955
5.5 - Medium
- November 10, 2024
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
Out-of-bounds Read
Ghostscript 10.03 Out-of-Bounds Access
CVE-2024-46956
7.8 - High
- November 10, 2024
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Out-of-bounds Read
Ghostscript 10.03 Pattern Color Space RCE
CVE-2024-46951
7.8 - High
- November 10, 2024
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Access of Uninitialized Pointer
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow
CVE-2024-29507
- July 03, 2024
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Artifex Ghostscript before 10.03.1
CVE-2024-29510
- July 03, 2024
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue
CVE-2024-29511
- July 03, 2024
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
An issue was discovered in Artifex Ghostscript before 10.03.1
CVE-2024-33869
- July 03, 2024
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
An issue was discovered in Artifex Ghostscript before 10.03.1
CVE-2024-33870
- July 03, 2024
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
An issue was discovered in Artifex Ghostscript before 10.03.1
CVE-2024-33871
- July 03, 2024
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function
CVE-2024-29506
8.8 - High
- July 03, 2024
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
Memory Corruption
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
CVE-2024-29508
3.3 - Low
- July 03, 2024
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g
CVE-2024-29509
8.8 - High
- July 03, 2024
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Memory Corruption
An issue was discovered in Artifex Ghostscript before 10.03.1
CVE-2023-52722
- April 28, 2024
An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.
freeglut through 3.4.0 was discovered to contain a memory leak
CVE-2024-24259
7.5 - High
- February 05, 2024
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
Memory Leak
freeglut 3.4.0 was discovered to contain a memory leak
CVE-2024-24258
7.5 - High
- February 05, 2024
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
Memory Leak
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite)
CVE-2020-36773
9.8 - Critical
- February 04, 2024
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Memory Corruption
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.
CVE-2023-51104
7.5 - High
- December 26, 2023
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.
Divide By Zero
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.
CVE-2023-51105
7.5 - High
- December 26, 2023
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.
Divide By Zero
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
CVE-2023-51106
7.5 - High
- December 26, 2023
A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.
Divide By Zero
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c
CVE-2023-51107
7.5 - High
- December 26, 2023
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product.
Divide By Zero
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_
CVE-2023-51103
7.5 - High
- December 26, 2023
A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.
Divide By Zero
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0
CVE-2023-46751
7.5 - High
- December 06, 2023
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Dangling pointer
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability
CVE-2023-46361
6.5 - Medium
- October 31, 2023
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push
CVE-2023-31794
5.5 - Medium
- October 31, 2023
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Stack Exhaustion
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents
CVE-2023-43115
8.8 - High
- September 18, 2023
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
A flaw was found in ghostscript
CVE-2023-4042
5.5 - Medium
- August 23, 2023
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
Memory Corruption
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50
CVE-2020-21710
5.5 - Medium
- August 22, 2023
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.
Divide By Zero
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50
CVE-2020-21890
7.8 - High
- August 22, 2023
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.
Memory Corruption
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0
CVE-2020-21896
5.5 - Medium
- August 22, 2023
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.
Dangling pointer
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0
CVE-2020-26683
5.5 - Medium
- August 22, 2023
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.
Memory Leak
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript
CVE-2023-38559
5.5 - Medium
- August 01, 2023
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Classic Buffer Overflow
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript
CVE-2023-38560
5.5 - Medium
- August 01, 2023
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
Integer Overflow or Wraparound
In MuJS before version 1.1.2
CVE-2021-33796
7.5 - High
- July 07, 2023
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
Dangling pointer
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
CVE-2023-36664
7.8 - High
- June 25, 2023
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1
CVE-2021-33797
9.8 - Critical
- April 17, 2023
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
Integer Overflow or Wraparound
In Artifex Ghostscript through 10.01.0
CVE-2023-28879
9.8 - Critical
- March 31, 2023
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Memory Corruption