Artifex Afpl Ghostscript vulnerabilities

CVE-2013-5653 [MEDIUM] CWE-200 CVE-2013-5653: The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which all The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

CVE-2017-6196 [HIGH] CWE-416 CVE-2017-6196: Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Gh Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.

CVE-2015-3228 [MEDIUM] CWE-189 CVE-2015-3228: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earl Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

CVE-2010-4054 [MEDIUM] CWE-119 CVE-2010-4054: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

CVE-2009-3743 [CRITICAL] CWE-189 CVE-2009-3743: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript befo Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

CVE-2009-4897 [CRITICAL] CWE-119 CVE-2009-4897: Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

CVE-2010-2055 [HIGH] CWE-17 CVE-2010-2055: Ghostscript 8.71 and earlier reads initialization files from the current working directory, which al Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.