Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ghostscript
(Artifex)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 109 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-06 | CVE-2023-46751 | An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | Ghostscript | 7.5 | ||
| 2024-02-04 | CVE-2020-36773 | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | Ghostscript | 9.8 | ||
| 2024-07-03 | CVE-2024-29508 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | Ghostscript | 3.3 | ||
| 2024-07-03 | CVE-2024-29506 | Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. | Ghostscript | 8.8 | ||
| 2024-07-03 | CVE-2024-29509 | Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. | Ghostscript | 8.8 | ||
| 2024-11-10 | CVE-2024-46956 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 7.8 | ||
| 2024-11-10 | CVE-2024-46951 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 7.8 | ||
| 2024-11-10 | CVE-2024-46953 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 7.8 | ||
| 2024-11-10 | CVE-2024-46952 | An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). | Ghostscript, Debian_linux | 7.8 | ||
| 2024-11-10 | CVE-2024-46955 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. | Ghostscript, Debian_linux, Linux_enterprise_high_performance_computing, Linux_enterprise_server, Linux_enterprise_server_for_sap | 5.5 |