CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21896
https://notcve.org/view.php?id=CVE-2020-21896
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. • https://bugs.ghostscript.com/show_bug.cgi?id=701294 http://www.ghostscript.com/cgi-bin/findgit.cgi?8719e07834d6a72b6b4131539e49ed1e8e2ff79e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26683
https://notcve.org/view.php?id=CVE-2020-26683
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. Un problema de pérdida de memoria descubierto en /pdf/pdf-font-add.c en MuPDF 1.17.0 de Artifex Software permite a los atacantes obtener información confidencial. • https://bugs.ghostscript.com/show_bug.cgi?id=702566 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=05720b4ee3dbae57e65546dc2eecc3021c08eeea • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38560 – Ghostscript: integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name
https://notcve.org/view.php?id=CVE-2023-38560
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. Se ha encontrado un fallo de desbordamiento de enteros en pcl/pl/plfont.c:418 en pl_glyph_name en ghostscript. Este problema puede permitir a un atacante local provocar una denegación de servicio mediante la transformación de un archivo PCL manipulado en formato PDF. • https://access.redhat.com/security/cve/CVE-2023-38560 https://bugs.ghostscript.com/show_bug.cgi?id=706898 https://bugzilla.redhat.com/show_bug.cgi?id=2224368 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38559 – Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos
https://notcve.org/view.php?id=CVE-2023-38559
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Se ha encontrado un fallo de desbordamiento de búfer en base/gdevdevn.c:1973 en devn_pcx_write_rle() en ghostscript. Este problema puede permitir a un atacante local provocar una denegación de servicio mediante la salida de un archivo PDF manipulado para un dispositivo DEVN con gs. • https://access.redhat.com/errata/RHSA-2023:6544 https://access.redhat.com/errata/RHSA-2023:7053 https://access.redhat.com/security/cve/CVE-2023-38559 https://bugs.ghostscript.com/show_bug.cgi?id=706897 https://bugzilla.redhat.com/show_bug.cgi?id=2224367 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33796
https://notcve.org/view.php?id=CVE-2021-33796
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. • https://github.com/ccxvii/mujs/commit/7ef066a3bb95bf83e7c5be50d859e62e58fe8515 • CWE-416: Use After Free •