Artifex Ghostscript vulnerabilities

128 known vulnerabilities affecting artifex/ghostscript.

Total CVEs: 128
CISA KEV: 1 (actively exploited)
Public exploits: 4
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 56, MEDIUM 58, LOW 2

Vulnerabilities

Page 3 of 7
CVE-2019-25059 | HIGH | CVSS 7.8 | ≤ 9.26 | 2022-04-25
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
nvd
CVE-2021-3781 | CRITICAL | CVSS 9.9 | CWE-20 | v9.50, v9.52, +2 more | 2022-02-16
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidential
nvd
CVE-2021-45944 | MEDIUM | CVSS 5.5 | CWE-416 | ≥ 9.50, ≤ 9.53.3 | 2022-01-01
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
nvd
CVE-2021-45949 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 9.50, ≤ 9.54.0 | 2022-01-01
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
nvd
CVE-2020-14373 | MEDIUM | CVSS 5.5 | CWE-416 | v9.25 | 2020-09-03
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
nvd
CVE-2020-16303 | HIGH | CVSS 7.8 | CWE-416 | v9.50 | 2020-08-13
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16305 | MEDIUM | CVSS 5.5 | CWE-787 | v9.50 | 2020-08-13
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16294 | MEDIUM | CVSS 5.5 | CWE-120 | fixed in 9.52 | 2020-08-13
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16300 | MEDIUM | CVSS 5.5 | CWE-787 | fixed in 9.52 | 2020-08-13
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16308 | MEDIUM | CVSS 5.5 | CWE-787 | fixed in 9.52, v9.50 | 2020-08-13
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16289 | MEDIUM | CVSS 5.5 | CWE-787 | fixed in 9.52 | 2020-08-13
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16288 | MEDIUM | CVSS 5.5 | CWE-120 | fixed in 9.52 | 2020-08-13
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16302 | MEDIUM | CVSS 5.5 | CWE-120 | v9.50 | 2020-08-13
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-17538 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 9.18, < 9.52 | 2020-08-13
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16299 | MEDIUM | CVSS 5.5 | CWE-369 | fixed in 9.52 | 2020-08-13
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16301 | MEDIUM | CVSS 5.5 | CWE-120 | fixed in 9.52 | 2020-08-13
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16309 | MEDIUM | CVSS 5.5 | CWE-787 | v9.50 | 2020-08-13
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.
nvd
CVE-2020-16287 | MEDIUM | CVSS 5.5 | CWE-787 | fixed in 9.52 | 2020-08-13
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16298 | MEDIUM | CVSS 5.5 | CWE-120 | fixed in 9.52 | 2020-08-13
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd
CVE-2020-16306 | MEDIUM | CVSS 5.5 | CWE-476 | v9.50 | 2020-08-13
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
nvd