Total
129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7977 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. | |||||
| CVE-2016-8602 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | |||||
| CVE-2017-7948 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | |||||
| CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | |||||
| CVE-2017-7207 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | |||||
| CVE-2017-8291 | 3 Artifex, Debian, Redhat | 8 Ghostscript, Debian Linux, Enterprise Linux Desktop and 5 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | |||||
| CVE-2016-10217 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. | |||||
| CVE-2017-11714 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | |||||
| CVE-2016-10218 | 1 Artifex | 1 Ghostscript | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |||||
| CVE-2017-9611 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2024-33869 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 5.3 MEDIUM |
| An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. | |||||
| CVE-2024-33870 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 6.3 MEDIUM |
| An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. | |||||
| CVE-2024-33871 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 8.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. | |||||
| CVE-2025-27830 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. | |||||
| CVE-2025-27831 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | |||||
| CVE-2025-27832 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | |||||
| CVE-2025-27833 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. | |||||
| CVE-2025-27834 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. | |||||
| CVE-2025-27835 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. | |||||
| CVE-2025-27836 | 1 Artifex | 1 Ghostscript | 2025-04-01 | N/A | 9.8 CRITICAL |
| An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. | |||||