Artifex


Products by Artifex Sorted by Most Security Vulnerabilities since 2018

Artifex Ghostscript: 107 vulnerabilities

Artifex Mupdf: 49 vulnerabilities

Artifex Mujs: 15 vulnerabilities

Artifex Gpl Ghostscript: 9 vulnerabilities

Artifex Jbig2dec: 3 vulnerabilities

Artifex Ghostpcl: 1 vulnerability

Known Exploited Artifex Vulnerabilities

The following Artifex vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: Artifex Ghostscript Type Confusion Vulnerability
Description: Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.
CVE-2017-8291 Exploit Probability: 92.5%
Added: May 24, 2022

The vulnerability CVE-2017-8291: Artifex Ghostscript Type Confusion Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2025 there have been 10 vulnerabilities in Artifex with an average score of 3.3 out of ten. Last year, in 2024, Artifex had 20 security vulnerabilities published. Right now, Artifex is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 4.22.




Year Vulnerabilities Average Score
2025 10 3.30
2024 20 7.52
2023 20 7.08
2022 12 7.02
2021 5 6.30
2020 31 6.07
2019 19 7.60
2018 48 6.88

It may take a day or so for new Artifex vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Artifex Security Vulnerabilities

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case

CVE-2025-48708 3.3 - Low - May 23, 2025

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

Improper Removal of Sensitive Information Before Storage or Transfer

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding

CVE-2025-46646 - April 26, 2025

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27830 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27831 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27832 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27833 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27834 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27835 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27836 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

An issue was discovered in Artifex Ghostscript before 10.05.0

CVE-2025-27837 - March 25, 2025

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

Artifex Software MuPDF Segmentation Fault Vulnerability in pdfextract Component

CVE-2024-46657 - December 10, 2024

Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Ghostscript PDF XRef Buffer Overflow

CVE-2024-46952 7.8 - High - November 10, 2024

An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).

Classic Buffer Overflow

Ghostscript 10.03 Path Traversal Overflow

CVE-2024-46953 7.8 - High - November 10, 2024

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

Integer Overflow or Wraparound

Ghostscript 10.03.1 UTF-8 Traversal Flaw

CVE-2024-46954 7.8 - High - November 10, 2024

An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.

Directory traversal

Ghostscript 10.03 Indexed Color OOB Read

CVE-2024-46955 5.5 - Medium - November 10, 2024

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

Out-of-bounds Read

Ghostscript 10.03 Out-of-Bounds Access

CVE-2024-46956 7.8 - High - November 10, 2024

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

Out-of-bounds Read

Ghostscript 10.03 Pattern Color Space RCE

CVE-2024-46951 7.8 - High - November 10, 2024

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.

Access of Uninitialized Pointer

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow

CVE-2024-29507 - July 03, 2024

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.

Artifex Ghostscript before 10.03.1

CVE-2024-29510 - July 03, 2024

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue

CVE-2024-29511 - July 03, 2024

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

An issue was discovered in Artifex Ghostscript before 10.03.1

CVE-2024-33869 - July 03, 2024

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

An issue was discovered in Artifex Ghostscript before 10.03.1

CVE-2024-33870 - July 03, 2024

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

An issue was discovered in Artifex Ghostscript before 10.03.1

CVE-2024-33871 - July 03, 2024

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function

CVE-2024-29506 8.8 - High - July 03, 2024

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.

Memory Corruption

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

CVE-2024-29508 3.3 - Low - July 03, 2024

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g

CVE-2024-29509 8.8 - High - July 03, 2024

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.

Memory Corruption

An issue was discovered in Artifex Ghostscript before 10.03.1

CVE-2023-52722 - April 28, 2024

An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.

freeglut through 3.4.0 was discovered to contain a memory leak

CVE-2024-24259 7.5 - High - February 05, 2024

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

Memory Leak

freeglut 3.4.0 was discovered to contain a memory leak

CVE-2024-24258 7.5 - High - February 05, 2024

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

Memory Leak

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite)

CVE-2020-36773 9.8 - Critical - February 04, 2024

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

Memory Corruption

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.

CVE-2023-51104 7.5 - High - December 26, 2023

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.

Divide By Zero

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.

CVE-2023-51105 7.5 - High - December 26, 2023

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.

Divide By Zero

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.

CVE-2023-51106 7.5 - High - December 26, 2023

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.

Divide By Zero

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function compute_color() of jquant2.c

CVE-2023-51107 7.5 - High - December 26, 2023

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product.

Divide By Zero

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_

CVE-2023-51103 7.5 - High - December 26, 2023

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c.

Divide By Zero

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0

CVE-2023-46751 7.5 - High - December 06, 2023

An issue in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

Dangling pointer

Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability

CVE-2023-46361 6.5 - Medium - October 31, 2023

Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push

CVE-2023-31794 5.5 - Medium - October 31, 2023

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Stack Exhaustion

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents

CVE-2023-43115 8.8 - High - September 18, 2023

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).

A flaw was found in ghostscript

CVE-2023-4042 5.5 - Medium - August 23, 2023

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

Memory Corruption

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50

CVE-2020-21710 5.5 - Medium - August 22, 2023

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.

Divide By Zero

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50

CVE-2020-21890 7.8 - High - August 22, 2023

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.

Memory Corruption

A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0

CVE-2020-21896 5.5 - Medium - August 22, 2023

A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.

Dangling pointer

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0

CVE-2020-26683 5.5 - Medium - August 22, 2023

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.

Memory Leak

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript

CVE-2023-38559 5.5 - Medium - August 01, 2023

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

Classic Buffer Overflow

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript

CVE-2023-38560 5.5 - Medium - August 01, 2023

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.

Integer Overflow or Wraparound

In MuJS before version 1.1.2

CVE-2021-33796 7.5 - High - July 07, 2023

In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.

Dangling pointer

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

CVE-2023-36664 7.8 - High - June 25, 2023

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1

CVE-2021-33797 9.8 - Critical - April 17, 2023

Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.

Integer Overflow or Wraparound

In Artifex Ghostscript through 10.01.0

CVE-2023-28879 9.8 - Critical - March 31, 2023

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).