Skip to main content

Ghostscript

108 CVEs product

Monthly

CVE-2025-59800 MEDIUM PATCH This Month

In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59799 MEDIUM PATCH This Month

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-59798 MEDIUM PATCH Monitor

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-48708 MEDIUM PATCH Monitor

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-46646 MEDIUM PATCH This Month

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required.

Information Disclosure Ghostscript Red Hat Suse
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-27837 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-27836 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27835 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27834 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27833 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27832 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-27831 CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-27830 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-29511 HIGH This Week

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ghostscript
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-29507 MEDIUM This Month

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ghostscript
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2024-29509 HIGH This Week

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ghostscript
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-29508 LOW Monitor

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ghostscript
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2024-29506 HIGH This Week

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ghostscript
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-46751 HIGH This Week

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Ghostscript
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-43115 HIGH This Week

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ghostscript Fedora
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2023-4042 MEDIUM This Month

A flaw was found in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Red Hat Ghostscript Codeready Linux Builder +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38560 MEDIUM PATCH This Month

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Ghostscript
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38559 MEDIUM PATCH This Month

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Ghostscript Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36664 HIGH This Week

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ghostscript Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2023-28879 CRITICAL POC Act Now

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Debian Linux
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2022-2085 MEDIUM POC PATCH This Month

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Ghostscript Fedora
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2020-14373 MEDIUM POC PATCH This Month

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Ghostscript Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-17538 MEDIUM POC This Month

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16310 MEDIUM POC This Month

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16309 MEDIUM POC This Month

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16308 MEDIUM POC This Month

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16307 MEDIUM POC This Month

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16306 MEDIUM POC This Month

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16305 MEDIUM POC This Month

A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16304 MEDIUM POC This Month

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16303 HIGH POC This Week

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-16302 MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16301 MEDIUM POC This Month

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16300 MEDIUM POC This Month

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16299 MEDIUM POC This Month

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16298 MEDIUM POC This Month

A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16297 MEDIUM POC PATCH This Month

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16296 MEDIUM POC This Month

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2020-16295 MEDIUM POC This Month

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16294 MEDIUM POC This Month

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16293 MEDIUM POC This Month

A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16292 MEDIUM POC This Month

A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16291 MEDIUM POC PATCH This Month

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16290 MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16289 MEDIUM POC This Month

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16288 MEDIUM POC This Month

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16287 MEDIUM POC This Month

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-15900 CRITICAL PATCH Act Now

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-14812 HIGH This Week

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Fedora
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-10216 HIGH PATCH This Week

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ghostscript 3Scale Api Management Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-14869 HIGH PATCH This Week

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Fedora Leap
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-14813 CRITICAL PATCH Act Now

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Openshift Container Platform Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
9.8
EPSS
11.4%
CVE-2019-14817 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-14811 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2019-3839 HIGH PATCH This Week

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Debian Linux Leap Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-3838 MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3835 MEDIUM This Month

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-6116 HIGH POC PATCH THREAT This Week

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Ghostscript Fedora Ubuntu Linux Debian Linux +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
43.9%
CVE-2018-19134 HIGH POC This Week

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ghostscript Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-16863 HIGH PATCH This Week

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Red Hat Authentication Bypass Ghostscript Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-19477 HIGH POC PATCH This Week

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-19476 HIGH POC PATCH This Week

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-19475 HIGH POC PATCH This Week

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
9.5%
CVE-2018-19409 CRITICAL Act Now

An issue was discovered in Artifex Ghostscript before 9.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2018-18284 HIGH POC PATCH THREAT This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Gpl Ghostscript +7
NVD
CVSS 3.0
8.6
EPSS
16.3%
CVE-2018-18073 MEDIUM PATCH This Month

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
6.3
EPSS
2.7%
CVE-2018-17961 HIGH POC PATCH This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
10.0%
CVE-2018-17183 HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-16802 HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2018-16585 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Red Hat Buffer Overflow Ghostscript Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-16543 HIGH This Week

In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-16542 MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-16541 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16540 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Openshift Container Platform +9
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-16539 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16513 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghostscript Ubuntu Linux Debian Linux Gpl Ghostscript +1
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-16511 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-16510 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ghostscript Ubuntu Linux Gpl Ghostscript
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-16509 HIGH POC THREAT Act Now

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
92.5%
CVE-2018-15911 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15910 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15909 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15908 HIGH This Week

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-11645 MEDIUM PATCH This Month

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript
NVD
CVSS 3.0
5.3
EPSS
2.6%
CVE-2018-10194 HIGH This Week

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ghostscript Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
7.8
EPSS
1.9%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Ghostscript +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Stack Overflow Ghostscript +2
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH Monitor

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 4.5
MEDIUM PATCH This Month

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. Rated medium severity (CVSS 4.5), this vulnerability is no authentication required.

Information Disclosure Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 10.05.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ghostscript Red Hat +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ghostscript
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ghostscript
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ghostscript
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Ghostscript
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ghostscript
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +1
NVD
EPSS 5% CVSS 8.8
HIGH This Week

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ghostscript Fedora
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Red Hat +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Ghostscript
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service +4
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ghostscript +2
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ghostscript +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Ghostscript +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ghostscript +2
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ghostscript Debian Linux +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH This Week

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Fedora
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ghostscript 3Scale Api Management +7
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Fedora +1
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Openshift Container Platform +10
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform +3
NVD
EPSS 4% CVSS 7.8
HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform +3
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Debian Linux +4
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower +10
NVD
EPSS 3% CVSS 5.5
MEDIUM This Month

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ansible Tower +9
NVD
EPSS 44% CVSS 7.8
HIGH POC PATCH THREAT This Week

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Ghostscript Fedora +9
NVD Exploit-DB
EPSS 3% CVSS 7.8
HIGH POC This Week

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ghostscript Debian Linux +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Red Hat Authentication Bypass Ghostscript +6
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 10% CVSS 7.8
HIGH POC PATCH This Week

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Artifex Ghostscript before 9.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux +6
NVD
EPSS 16% CVSS 8.6
HIGH POC PATCH THREAT This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +9
NVD
EPSS 3% CVSS 6.3
MEDIUM PATCH This Month

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Debian Linux +7
NVD
EPSS 10% CVSS 8.6
HIGH POC PATCH This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ghostscript Debian Linux +7
NVD Exploit-DB
EPSS 2% CVSS 7.8
HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Red Hat Buffer Overflow Ghostscript +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ubuntu Linux +1
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript +7
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +9
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +11
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ghostscript Ubuntu Linux +3
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ghostscript +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ghostscript Ubuntu Linux +1
NVD
EPSS 92% CVSS 7.8
HIGH POC THREAT Act Now

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Ghostscript +6
NVD Exploit-DB
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +7
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 2% CVSS 7.8
HIGH This Week

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Debian Linux +6
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript
NVD
EPSS 2% CVSS 7.8
HIGH This Week

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ghostscript +8
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy