Product:

Ghostscript

(Artifex)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 112
Date Id Summary Products Score Patch Annotated
2022-08-19 CVE-2020-27792 A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. Ghostscript, Debian_linux 7.1
2024-07-03 CVE-2024-29507 Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. Ghostscript N/A
2024-07-03 CVE-2024-29510 Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Ghostscript N/A
2024-07-03 CVE-2024-29511 Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd. Ghostscript N/A
2024-07-03 CVE-2024-29509 Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. Ghostscript 8.8
2020-08-13 CVE-2020-16296 A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Ghostscript, Ubuntu_linux, Debian_linux 5.5
2020-08-13 CVE-2020-17538 A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Ghostscript, Ubuntu_linux, Debian_linux 5.5
2024-07-03 CVE-2024-29508 Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. Ghostscript 3.3
2020-08-13 CVE-2020-16291 A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Ghostscript, Ubuntu_linux, Debian_linux 5.5
2017-04-27 CVE-2017-8291 Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Ghostscript, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation 7.8