cbcvebase.

Artifex Ghostscript vulnerabilities

168 known vulnerabilities affecting artifex/ghostscript.

Total CVEs
168
CISA KEV
1
actively exploited
Public exploits
7
Exploited in wild
3
Severity breakdown
CRITICAL23HIGH70MEDIUM73LOW2

Vulnerabilities

Page 3 of 9
CVE-2023-36664P3HIGHCVSS 7.8≤ 10.01.22023-06-25
CVE-2023-36664 [HIGH] CWE-552 CVE-2023-36664: Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pip Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
nvdosv
CVE-2009-0583P3CRITICALCVSS 9.3≥ 0, < 8.64~dfsg-1.12009-03-23
CVE-2009-0583 [CRITICAL] CVE-2009-0583: Multiple integer overflows in icc Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a
osv
CVE-2019-3839P3HIGHCVSS 7.8fixed in 9.272019-05-16
CVE-2019-3839 [HIGH] CWE-648 CVE-2019-3839: It was found that in ghostscript some privileged operators remained accessible from various places a It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
nvdosv
CVE-2018-19134P3HIGHCVSS 7.8≤ 9.252018-12-20
CVE-2018-19134 [HIGH] CWE-704 CVE-2018-19134: In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a
nvdosv
CVE-2019-10216P3HIGHCVSS 7.8fixed in 9.502019-11-27
CVE-2019-10216 [HIGH] CWE-648 CVE-2019-10216: In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
nvdosv
CVE-2009-0584P3CRITICALCVSS 9.3≥ 0, < 8.64~dfsg-1.12009-03-23
CVE-2009-0584 [CRITICAL] CVE-2009-0584: icc icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScri
osv
CVE-2009-0792P3CRITICALCVSS 9.3≥ 0, < 8.64~dfsg-1.12009-04-14
CVE-2009-0792 [CRITICAL] CVE-2009-0792: Multiple integer overflows in icc Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a
osv
CVE-2024-46956P3HIGHCVSS 7.8fixed in 10.04.02024-11-10
CVE-2024-46956 [HIGH] CWE-125 CVE-2024-46956: An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data acc An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
nvdosv
CVE-2018-15910P3HIGHCVSS 7.8fixed in 9.242018-08-27
CVE-2018-15910 [HIGH] CWE-704 CVE-2018-15910: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a ty In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
nvdosv
CVE-2020-16303P3HIGHCVSS 7.8v9.502020-08-13
CVE-2020-16303 [HIGH] CWE-416 CVE-2020-16303: A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Sof A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
nvdosv
CVE-2018-16863P3HIGHCVSS 7.8v9.072018-12-03
CVE-2018-16863 [HIGH] CVE-2018-16863: It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploi It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
nvd
CVE-2023-46751P3HIGHCVSS 7.5≤ 10.02.02023-12-06
CVE-2023-46751 [HIGH] CWE-416 CVE-2023-46751: An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript thro An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
nvdosv
CVE-2024-46954P3HIGHCVSS 7.8fixed in 10.04.0fixed in 10.05.02024-11-10
CVE-2024-46954 [HIGH] CWE-22 CVE-2024-46954: An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Over An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
nvdosv
CVE-2024-46953P3HIGHCVSS 7.8fixed in 10.04.02024-11-10
CVE-2024-46953 [HIGH] CWE-190 CVE-2024-46953: An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflo An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
nvdosv
CVE-2018-15909P3HIGHCVSS 7.8≤ 9.232018-08-27
CVE-2018-15909 [HIGH] CWE-704 CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
nvdosv
CVE-2018-16802P3HIGHCVSS 7.8fixed in 9.252018-09-10
CVE-2018-16802 [HIGH] CVE-2018-16802: An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" che An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
nvdosv
CVE-2018-15908P3HIGHCVSS 7.8≤ 9.232018-08-27
CVE-2018-15908 [HIGH] CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript fil In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
nvdosv
CVE-2024-46951P3HIGHCVSS 7.8fixed in 10.04.02024-11-10
CVE-2024-46951 [HIGH] CWE-824 CVE-2024-46951: An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implemen An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
nvdosv
CVE-2012-4405P3MEDIUMCVSS 6.8≥ 0, < 9.05~dfsg-6.12012-09-18
CVE-2012-4405 [MEDIUM] CVE-2012-4405: Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9 Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScrip
osv
CVE-2007-6725P3HIGHCVSS 7.5≥ 0, < 8.63.dfsg.1-12009-04-08
CVE-2007-6725 [HIGH] CVE-2007-6725: The CCITTFax decoding filter in Ghostscript 8 The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
osv
Artifex Ghostscript vulnerabilities | cvebase