Vulnerabilities (CVE)

Filtered by vendor Artifex Subscribe
Filtered by product Ghostscript
Total 100 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-19476 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVE-2018-10194 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2018-11645 1 Artifex 1 Ghostscript 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
CVE-2017-9611 2 Artifex, Debian 2 Ghostscript, Debian Linux 2023-12-10 6.8 MEDIUM 7.8 HIGH
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2016-7976 1 Artifex 1 Ghostscript 2023-12-10 6.8 MEDIUM 8.8 HIGH
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
CVE-2017-11714 2 Artifex, Debian 2 Ghostscript, Debian Linux 2023-12-10 6.8 MEDIUM 7.8 HIGH
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2017-9835 2 Artifex, Debian 2 Ghostscript, Debian Linux 2023-12-10 6.8 MEDIUM 7.8 HIGH
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2016-8602 1 Artifex 1 Ghostscript 2023-12-10 6.8 MEDIUM 7.8 HIGH
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
CVE-2016-7979 1 Artifex 1 Ghostscript 2023-12-10 7.5 HIGH 9.8 CRITICAL
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVE-2016-7977 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
CVE-2017-5951 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-7207 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
CVE-2017-7948 1 Artifex 1 Ghostscript 2023-12-10 6.8 MEDIUM 7.8 HIGH
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2016-7978 1 Artifex 1 Ghostscript 2023-12-10 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVE-2016-10218 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2016-10217 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.
CVE-2016-10317 1 Artifex 1 Ghostscript 2023-12-10 6.8 MEDIUM 7.8 HIGH
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2016-10220 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.
CVE-2017-8908 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.
CVE-2016-10219 1 Artifex 1 Ghostscript 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.