Skip to main content

Afpl Ghostscript

3 CVEs product

Monthly

CVE-2013-5653 MEDIUM PATCH This Month

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Afpl Ghostscript Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6196 HIGH PATCH This Week

Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Afpl Ghostscript
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2015-3228 MEDIUM This Month

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Afpl Ghostscript
NVD
CVSS 2.0
6.8
EPSS
1.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Afpl Ghostscript Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Afpl Ghostscript
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy