CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2016-7976
https://notcve.org/view.php?id=CVE-2016-7976
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. PS Interpreter en Ghostscript 9.18 y 9.20 permite que atacantes remotos ejecuten código arbitrario mediante parámetros de usuario manipulados. • http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git%3Ba=commit%3Bh=6d444c273da5499a4cd72f21cb6d4c9a5256807d http://www.debian.org/security/2016/dsa-3691 http://www.openwall.com/lists/oss-security/2016/10/19/6 http://www.securityfocus.com/bid/95332 https://bugs.ghostscript.com/show_bug.cgi?id=697178 https://security.gentoo.org/glsa/201702-31 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8674
https://notcve.org/view.php?id=CVE-2016-8674
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file. La función pdf_to_num en pdf-object.c en MuPDF en versiones anteriores a 1.10 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación y bloqueo de aplicación) a través de un archivo manipulado. • http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec http://www.debian.org/security/2017/dsa-3797 http://www.openwall.com/lists/oss-security/2016/10/16/8 http://www.securityfocus.com/bid/93127 https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c https://bugs.ghostscript.com/show_bug.cgi?id=697015 https://bugs.ghostscript.com/show_bug.cgi?id=697019 https://bugzilla.redhat.com/show_bug.cgi?id& • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5896
https://notcve.org/view.php?id=CVE-2017-5896
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image. Desbordamiento de búfer basado en pila en la función fz_subsample_pixmap en fitz/pixmap.c en MuPDF 1.10a permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de una imagen manipulada. • http://git.ghostscript.com/?p=mupdf.git%3Bh=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 http://www.debian.org/security/2017/dsa-3797 http://www.openwall.com/lists/oss-security/2017/02/06/3 http://www.openwall.com/lists/oss-security/2017/02/07/1 http://www.securityfocus.com/bid/96139 https://bugs.ghostscript.com/show_bug.cgi?id=697515 https://security.gentoo.org/glsa/201702-12 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 2CVE-2017-5991 – Artifex MuPDF - Null Pointer Dereference
https://notcve.org/view.php?id=CVE-2017-5991
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. Se ha descubierto un problema en Artifex MuPDF antes de 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. La función pdf_run_xobject en pdf-op-run.c encuentra una derivación de puntero NULL durante una operación de pintura Fitz fz_paint_pixmap_with_mask. • https://www.exploit-db.com/exploits/42138 http://git.ghostscript.com/?p=mupdf.git%3Bh=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 http://www.debian.org/security/2017/dsa-3797 http://www.securityfocus.com/bid/96213 https://bugs.ghostscript.com/show_bug.cgi?id=697500 https://security.gentoo.org/glsa/201706-08 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9108
https://notcve.org/view.php?id=CVE-2016-9108
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Desbordamiento de entero en la función js_regcomp en regexp.c en Artifex Software, Inc. MuJS en versiones anteriores a commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e permite a atacantes provocar una denegación de servicio (caída de la aplicación) a través de una expresión regular manipulada. • http://www.openwall.com/lists/oss-security/2016/10/30/12 http://www.securityfocus.com/bid/96006 https://bugzilla.redhat.com/show_bug.cgi?id=1390266 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMPCTUBV2UUTSKAGVAW3EL6HJJWHRZQZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMI77FMFDWOTUUKKPTQLIB7JEXFTING4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4FE2LXVJM5PXHUGSFOT2KTA75O5ACV4 • CWE-190: Integer Overflow or Wraparound •