Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ghostscript
(Artifex)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 109 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-11-27 | CVE-2019-14812 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | Ghostscript, Fedora | 7.8 | ||
2022-04-25 | CVE-2019-25059 | Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. | Ghostscript, Debian_linux | 7.8 | ||
2018-12-03 | CVE-2018-16863 | It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. | Ghostscript, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
2017-05-12 | CVE-2017-8908 | The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | Ghostscript | 5.5 | ||
2017-03-21 | CVE-2017-7207 | The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | Ghostscript | 5.5 | ||
2017-04-03 | CVE-2017-5951 | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | Ghostscript | 5.5 | ||
2017-05-23 | CVE-2016-7978 | Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | Ghostscript | 9.8 | ||
2017-04-03 | CVE-2016-10317 | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. | Ghostscript | 7.8 | ||
2017-04-03 | CVE-2016-10220 | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. | Ghostscript | 5.5 | ||
2017-04-03 | CVE-2016-10219 | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | Ghostscript | 5.5 |