cbcvebase.

Artifex Ghostscript vulnerabilities

168 known vulnerabilities affecting artifex/ghostscript.

Total CVEs
168
CISA KEV
1
actively exploited
Public exploits
7
Exploited in wild
3
Severity breakdown
CRITICAL23HIGH70MEDIUM73LOW2

Vulnerabilities

Page 1 of 9
CVE-2017-8291P1HIGHCVSS 7.8KEVPoCfixed in 9.212017-04-27
CVE-2017-8291 [HIGH] CWE-843 CVE-2017-8291: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdpa Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
nvdosv
CVE-2018-16509P1HIGHCVSS 7.8ExploitedPoCfixed in 9.24v9.072018-09-05
CVE-2018-16509 [HIGH] CWE-184 CVE-2018-16509: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" che An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
nvdosv
CVE-2024-29510P1MEDIUMCVSS 6.3ExploitedPoCfixed in 10.03.12024-07-03
CVE-2024-29510 [MEDIUM] CWE-693 CVE-2024-29510: Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format st Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
nvdosv
CVE-2021-3781P2CRITICALCVSS 9.9v9.50v9.52+3 more2022-02-16
CVE-2021-3781 [CRITICAL] CWE-20 CVE-2021-3781: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript inter A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidential
nvdosv
CVE-2019-6116P2HIGHCVSS 7.8PoC≤ 9.262019-03-21
CVE-2019-6116 [HIGH] CVE-2019-6116: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system op In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
nvdosv
CVE-2010-1869P3CRITICALCVSS 9.3PoC≥ 0, < 8.71~dfsg-42010-05-12
CVE-2010-1869 [CRITICAL] CVE-2010-1869: Stack-based buffer overflow in the parser function in GhostScript 8 Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.
osv
CVE-2018-17961P3HIGHCVSS 8.6PoCfixed in 9.252018-10-15
CVE-2018-17961 [HIGH] CVE-2018-17961: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via v Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
nvdosv
CVE-2019-14813P2CRITICALCVSS 9.8≥ 9.00, ≤ 9.502019-09-06
CVE-2019-14813 [CRITICAL] CWE-648 CVE-2019-14813: A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
nvdosv
CVE-2016-7976P2HIGHCVSS 8.8v9.18v9.202017-08-07
CVE-2016-7976 [HIGH] CWE-20 CVE-2016-7976: The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code vi The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
nvdosv
CVE-2008-0411P3MEDIUMCVSS 6.8PoC≥ 0, < 8.61.dfsg.1-1.12008-02-28
CVE-2008-0411 [MEDIUM] CVE-2008-0411: Stack-based buffer overflow in the zseticcspace function in zicc Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
osv
CVE-2023-43115P2HIGHCVSS 8.8≤ 10.01.22023-09-18
CVE-2023-43115 [HIGH] CVE-2023-43115: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must exe
nvdosv
CVE-2016-7979P3CRITICALCVSS 9.8≤ 9.202017-05-23
CVE-2016-7979 [CRITICAL] CWE-704 CVE-2016-7979: Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism a Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
nvdosv
CVE-2023-28879P3CRITICALCVSS 9.8fixed in 10.01.02023-03-31
CVE-2023-28879 [CRITICAL] CWE-787 CVE-2023-28879: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption o In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are w
nvdosv
CVE-2025-27837P3CRITICALCVSS 9.8fixed in 10.05.02025-03-25
CVE-2025-27837 [CRITICAL] CWE-22 CVE-2025-27837: An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur t An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
nvdosv
CVE-2016-7978P3CRITICALCVSS 9.8v9.202017-05-23
CVE-2016-7978 [CRITICAL] CWE-416 CVE-2016-7978: Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary c Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
nvdosv
CVE-2025-27831P3CRITICALCVSS 9.8fixed in 10.05.02025-03-25
CVE-2025-27831 [CRITICAL] CWE-120 CVE-2025-27831: An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a t An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
nvdosv
CVE-2019-14869P3HIGHCVSS 8.8≥ 9.00, < 9.502019-11-15
CVE-2019-14869 [HIGH] CWE-648 CVE-2019-14869: A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, wh A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access fi
nvdosv
CVE-2025-27832P3CRITICALCVSS 9.8fixed in 10.05.02025-03-25
CVE-2025-27832 [CRITICAL] CWE-120 CVE-2025-27832: An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buf An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
nvdosv
CVE-2018-18284P3HIGHCVSS 8.6≤ 9.252018-10-19
CVE-2018-18284 [HIGH] CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via v Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
nvdosv
CVE-2025-27836P3CRITICALCVSS 9.8fixed in 10.05.02025-03-25
CVE-2025-27836 [CRITICAL] CWE-120 CVE-2025-27836: An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer o An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
nvdosv
Artifex Ghostscript vulnerabilities | cvebase