Filtered by vendor Artifex Subscriptions
Filtered by product Ghostscript Subscriptions
Total 109 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-15909 5 Artifex, Canonical, Debian and 2 more 12 Ghostscript, Gpl Ghostscript, Ubuntu Linux and 9 more 2024-11-21 N/A
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
CVE-2018-15908 4 Artifex, Canonical, Debian and 1 more 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more 2024-11-21 N/A
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
CVE-2018-11645 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2024-11-21 N/A
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
CVE-2018-10194 4 Artifex, Canonical, Debian and 1 more 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more 2024-11-21 N/A
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE-2017-9835 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-11-21 N/A
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2017-9611 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-11-21 7.8 High
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
CVE-2017-8908 1 Artifex 1 Ghostscript 2024-11-21 N/A
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.
CVE-2017-8291 3 Artifex, Debian, Redhat 9 Ghostscript, Debian Linux, Enterprise Linux and 6 more 2024-11-21 7.8 High
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVE-2017-7948 1 Artifex 1 Ghostscript 2024-11-21 N/A
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2017-7207 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2024-11-21 N/A
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
CVE-2017-5951 1 Artifex 1 Ghostscript 2024-11-21 N/A
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-15652 1 Artifex 1 Ghostscript 2024-11-21 N/A
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.
CVE-2017-11714 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-11-21 N/A
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
CVE-2016-8602 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2024-11-21 N/A
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
CVE-2016-7979 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2024-11-21 N/A
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVE-2016-7978 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2024-11-21 N/A
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVE-2016-7977 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2024-11-21 N/A
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
CVE-2016-7976 1 Artifex 1 Ghostscript 2024-11-21 N/A
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
CVE-2016-10317 1 Artifex 1 Ghostscript 2024-11-21 N/A
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVE-2016-10220 1 Artifex 1 Ghostscript 2024-11-21 N/A
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.