Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ghostscript
(Artifex)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 115 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-03 | CVE-2024-29511 | Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd. | Ghostscript | N/A | ||
| 2024-07-03 | CVE-2024-29509 | Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. | Ghostscript | 8.8 | ||
| 2020-08-13 | CVE-2020-16296 | A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2020-08-13 | CVE-2020-17538 | A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2024-07-03 | CVE-2024-29508 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | Ghostscript | 3.3 | ||
| 2020-08-13 | CVE-2020-16291 | A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2017-04-27 | CVE-2017-8291 | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | Ghostscript, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.8 | ||
| 2020-08-13 | CVE-2020-16297 | A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2020-08-13 | CVE-2020-16304 | A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. | Ghostscript, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2023-03-31 | CVE-2023-28879 | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. | Ghostscript, Debian_linux | 9.8 |