Filtered by vendor Artifex
Subscriptions
Filtered by product Ghostscript
Subscriptions
Total
109 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-15909 | 5 Artifex, Canonical, Debian and 2 more | 12 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 9 more | 2024-11-21 | N/A |
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | ||||
CVE-2018-15908 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | N/A |
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | ||||
CVE-2018-11645 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | ||||
CVE-2018-10194 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | N/A |
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||||
CVE-2017-9835 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | N/A |
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | ||||
CVE-2017-9611 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | 7.8 High |
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | ||||
CVE-2017-8908 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A |
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | ||||
CVE-2017-8291 | 3 Artifex, Debian, Redhat | 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | ||||
CVE-2017-7948 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A |
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | ||||
CVE-2017-7207 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | ||||
CVE-2017-5951 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A |
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | ||||
CVE-2017-15652 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A |
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well. | ||||
CVE-2017-11714 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | N/A |
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. | ||||
CVE-2016-8602 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | ||||
CVE-2016-7979 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | ||||
CVE-2016-7978 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | ||||
CVE-2016-7977 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | N/A |
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. | ||||
CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A |
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | ||||
CVE-2016-10317 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A |
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. | ||||
CVE-2016-10220 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A |
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. |