Skip to main content

Ghostscript

108 CVEs product

Monthly

CVE-2016-7976 HIGH POC THREAT Act Now

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.8%.

RCE Ghostscript
NVD
CVSS 3.0
8.8
EPSS
46.8%
Threat
4.7
CVE-2017-11714 HIGH PATCH This Week

psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Ghostscript Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-9835 HIGH POC This Week

The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Ghostscript Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-9611 HIGH POC This Week

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ghostscript Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-7979 CRITICAL PATCH Act Now

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Ghostscript
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-7978 CRITICAL PATCH Act Now

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE Ghostscript
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-7977 MEDIUM PATCH This Month

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2017-8908 MEDIUM PATCH This Month

The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-7948 HIGH POC This Week

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Ghostscript
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8602 HIGH PATCH This Week

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Ghostscript
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-10317 HIGH POC This Week

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2017-5951 MEDIUM POC This Month

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-10220 MEDIUM POC This Month

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2016-10219 MEDIUM POC This Month

The intersect function in base/gxfill.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-10218 MEDIUM POC This Month

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-10217 MEDIUM POC This Month

The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2017-7207 MEDIUM PATCH This Month

The mem_get_bits_rectangle function in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2012-4405 MEDIUM This Month

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.4% and no vendor patch available.

Buffer Overflow Denial Of Service RCE Cms Icclib +1
NVD
CVSS 2.0
6.8
EPSS
35.4%
EPSS 47% 4.7 CVSS 8.8
HIGH POC THREAT Act Now

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.8%.

RCE Ghostscript
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Ghostscript
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free RCE +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Ghostscript
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The intersect function in base/gxfill.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The mem_get_bits_rectangle function in Artifex Software, Inc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ghostscript
NVD
EPSS 35% CVSS 6.8
MEDIUM This Month

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 35.4% and no vendor patch available.

Buffer Overflow Denial Of Service RCE +3
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy