PatchSiren

Artifex CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Artifex CVE published 2022-05-24

CVE-2017-8291

CVE-2017-8291 affects Artifex Ghostscript and is identified by CISA as a known exploited vulnerability. CISA’s KEV entry directs organizations to apply updates per vendor instructions, making this a priority for any environment that uses Ghostscript directly or through embedded software.

MEDIUM Artifex CVE published 2017-03-07

CVE-2013-5653

CVE-2013-5653 affects Ghostscript 9.10 and can defeat the expected -dSAFER sandboxing behavior in getenv and filenameforall, allowing data disclosure from crafted PostScript content. NVD classifies the issue as CWE-200 information disclosure with CVSS 5.5, and the record links to vendor and distro advisories and patches. Treat this as especially relevant anywhere Ghostscript processes untrusted documents.

HIGH Artifex CVE published 2017-02-24

CVE-2017-6196

CVE-2017-6196 is a Ghostscript memory-safety flaw in gx_image_enum_begin() that can trigger multiple use-after-free conditions when processing a crafted PostScript document. The practical impact described by the record is application crash/denial of service, with the possibility of unspecified additional impact. NVD rates the issue HIGH (CVSS 7.8).

MEDIUM Artifex CVE published 2017-02-15

CVE-2016-8674

CVE-2016-8674 is a medium-severity memory-safety flaw in MuPDF’s PDF parsing code. The issue is a use-after-free in pdf_to_num within pdf-object.c, and the documented impact is denial of service through an application crash when a crafted file is processed. NVD maps the issue to CWE-416 and rates it CVSS 5.5 with availability impact only. The safest remediation is to move off affected MuPDF releases and c [truncated]

MEDIUM Artifex CVE published 2017-02-15

CVE-2017-5896

CVE-2017-5896 is a denial-of-service vulnerability in MuPDF’s image handling path. The official record describes a heap-based buffer overflow in fz_subsample_pixmap() that can lead to an out-of-bounds read and crash when a crafted image is processed. The vulnerability was publicly disclosed on 2017-02-15, with patch and advisory references available in the surrounding February 2017 timeline.

HIGH Artifex CVE published 2017-01-30

CVE-2017-5628

CVE-2017-5628 affects Artifex Software’s MuJS JavaScript engine. The MakeDay function in jsdate.c fails to validate the month value, which can lead to an integer overflow when parsing a specially crafted JavaScript file. NVD rates the issue High (CVSS 7.8); the attack vector is local and user interaction is required.

HIGH Artifex CVE published 2017-01-30

CVE-2017-5627

CVE-2017-5627 is a high-severity integer overflow in MuJS’s parser path. A crafted JavaScript file can trigger the flaw before commit 4006739a28367c708dea19aeb19b8a1a9326ce08, creating a memory-safety risk during parsing.

HIGH Artifex CVE published 2017-01-18

CVE-2016-9109

CVE-2016-9109 is a denial-of-service vulnerability in Artifex Software MuJS. According to the CVE record, attackers can trigger a crash through incomplete escape sequence handling, and the issue exists because a prior fix for CVE-2016-7563 was incomplete. The NVD assigns CWE-125 and a CVSS 3.0 score of 7.5, reflecting high availability impact with no confidentiality or integrity impact.

HIGH Artifex CVE published 2017-01-18

CVE-2016-7564

CVE-2016-7564 affects Artifex MuJS and is described as a heap-based buffer overflow in Fp_toString within jsfunction.c. The practical impact called out in the source corpus is denial of service through a crash when processing crafted input. Because the NVD vector describes the issue as network-reachable, unauthenticated, and requiring no user interaction, exposed MuJS deployments should treat this as a high-priority stability issue.

HIGH Artifex CVE published 2017-01-18

CVE-2016-7563

CVE-2016-7563 is a high-severity denial-of-service issue in Artifex MuJS. According to NVD, the chartorune function can perform an out-of-bounds read when a * (asterisk) appears at the end of the input, which can crash or otherwise disrupt the process handling the data. The issue is classified as CWE-125 and is reachable without privileges or user interaction per the CVSS vector.

CRITICAL Artifex CVE published 2017-01-13

CVE-2016-10141

CVE-2016-10141 is a critical integer overflow in MuJS regular-expression emission code. According to the CVE record, a specially crafted regular expression with nested repetition can trigger the flaw in regemit() inside regexp.c, with potential outcomes including code execution or denial of service. The vulnerable range is MuJS versions before commit fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045.