Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ghostscript
(Artifex)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 109 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-10 | CVE-2024-46956 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 7.8 | ||
| 2024-11-10 | CVE-2024-46951 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 7.8 | ||
| 2024-11-10 | CVE-2024-46953 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 7.8 | ||
| 2024-11-10 | CVE-2024-46952 | An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). | Ghostscript, Debian_linux | 7.8 | ||
| 2024-11-10 | CVE-2024-46955 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 5.5 | ||
| 2024-11-10 | CVE-2024-46954 | An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. | Ghostscript | 7.8 | ||
| 2022-08-19 | CVE-2020-27792 | A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | Ghostscript, Debian_linux | 7.1 | ||
| 2023-08-01 | CVE-2023-38559 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | Ghostscript, Debian_linux, Fedora, Enterprise_linux | 5.5 | ||
| 2018-09-06 | CVE-2018-16585 | An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat... | Ghostscript, Ubuntu_linux, Debian_linux | 7.8 | ||
| 2024-07-03 | CVE-2024-29506 | Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. | Ghostscript | 8.8 |