Aggregates CVE and security vulnerability intelligence across all Artifex-related products, including CVSS scores, EPSS percentages, and publication dates.
Disclosed issues often relate to buffer overflows, memory corruption, and path handling; the impact may include application crashes in software deployments.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-7233 | A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet. | [email protected] | 1.9 | 0.01% | 2026-04-28 | 2026-05-05 |
| CVE-2026-40505 | MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands. | [email protected] | 4.8 | 0.01% | 2026-04-16 | 2026-05-26 |
| CVE-2026-25556 | MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash | [email protected] | 5.9 | 0.02% | 2026-02-06 | 2026-02-24 |
| CVE-2025-55780 | A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain. | [email protected] | 7.5 | 0.05% | 2025-09-23 | 2025-10-08 |
| CVE-2025-59800 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. | [email protected] | 4.3 | 0.01% | 2025-09-22 | 2025-09-25 |
| CVE-2025-59799 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. | [email protected] | 4.3 | 0.01% | 2025-09-22 | 2025-11-03 |
| CVE-2025-59798 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. | [email protected] | 4.3 | 0.01% | 2025-09-22 | 2025-11-03 |
| CVE-2025-46206 | An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion | [email protected] | 6.5 | 0.72% | 2025-08-04 | 2025-10-02 |
| CVE-2025-48708 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. | [email protected] | 4.0 | 0.01% | 2025-05-23 | 2025-06-20 |
| CVE-2025-46646 | In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954. | [email protected] | 4.5 | 0.09% | 2025-04-26 | 2025-06-23 |
| CVE-2025-27837 | An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. | [email protected] | 9.8 | 0.20% | 2025-03-25 | 2025-04-01 |
| CVE-2025-27836 | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. | [email protected] | 9.8 | 0.17% | 2025-03-25 | 2025-11-03 |
| CVE-2025-27835 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. | [email protected] | 7.8 | 0.13% | 2025-03-25 | 2025-11-03 |
| CVE-2025-27834 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. | [email protected] | 7.8 | 0.11% | 2025-03-25 | 2025-04-01 |
| CVE-2025-27833 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. | [email protected] | 7.8 | 0.13% | 2025-03-25 | 2025-04-01 |
| CVE-2025-27832 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | [email protected] | 9.8 | 0.21% | 2025-03-25 | 2025-11-03 |
| CVE-2025-27831 | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | [email protected] | 9.8 | 0.17% | 2025-03-25 | 2025-11-03 |
| CVE-2025-27830 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. | [email protected] | 7.8 | 0.11% | 2025-03-25 | 2025-11-03 |
| CVE-2024-46657 | Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | [email protected] | 5.5 | 0.03% | 2024-12-10 | 2025-07-01 |
| CVE-2024-46956 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | [email protected] | 7.8 | 0.33% | 2024-11-10 | 2025-11-03 |