Artifex Ghostscript vulnerabilities

CVE-2020-16310 [MEDIUM] CWE-369 CVE-2020-16310: A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software Gho A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16297 [MEDIUM] CWE-787 CVE-2020-16297: A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Softw A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16293 [MEDIUM] CWE-476 CVE-2020-16293: A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_comm A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16304 [MEDIUM] CWE-787 CVE-2020-16304: A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Softwar A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.

CVE-2020-16295 [MEDIUM] CWE-476 CVE-2020-16295: A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Softwar A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16292 [MEDIUM] CWE-787 CVE-2020-16292: A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16290 [MEDIUM] CWE-787 CVE-2020-16290: A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software G A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16296 [MEDIUM] CWE-787 CVE-2020-16296: A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16291 [MEDIUM] CWE-787 CVE-2020-16291: A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CVE-2020-16307 [MEDIUM] CWE-476 CVE-2020-16307: A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex So A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

CVE-2020-15900 [CRITICAL] CWE-191 CVE-2020-15900: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard Post A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b

CVE-2019-10216 [HIGH] CWE-648 CVE-2019-10216: In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.

CVE-2019-14812 [HIGH] CWE-648 CVE-2019-14812: A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVE-2019-14869 [HIGH] CWE-648 CVE-2019-14869: A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, wh A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access fi

CVE-2019-14813 [CRITICAL] CWE-648 CVE-2019-14813: A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVE-2019-14817 [HIGH] CWE-648 CVE-2019-14817: A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures w A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVE-2019-14811 [HIGH] CWE-648 CVE-2019-14811: A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure wher A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.

CVE-2017-15652 [MEDIUM] CWE-200 CVE-2017-15652: Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive informa Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so

CVE-2019-3839 [HIGH] CWE-648 CVE-2019-3839: It was found that in ghostscript some privileged operators remained accessible from various places a It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.

CVE-2019-3835 [MEDIUM] CWE-648 CVE-2019-3835: It was found that the superexec operator was available in the internal dictionary in ghostscript bef It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.