Artifex Ghostscript vulnerabilities
168 known vulnerabilities affecting artifex/ghostscript.
Total CVEs
168
CISA KEV
1
actively exploited
Public exploits
7
Exploited in wild
3
Severity breakdown
CRITICAL23HIGH70MEDIUM73LOW2
Vulnerabilities
Page 4 of 9
CVE-2008-3522P3CRITICALCVSS 10.0≥ 0, < 8.64~dfsg-22008-10-02
CVE-2008-3522 [CRITICAL] CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
osv
CVE-2018-15911P3HIGHCVSS 7.8≤ 9.232018-08-28
CVE-2018-15911 [HIGH] CWE-908 CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
nvdosv
CVE-2018-16511P3HIGHCVSS 7.8fixed in 9.242018-09-05
CVE-2018-16511 [HIGH] CWE-704 CVE-2018-16511: An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be use
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
nvdosv
CVE-2025-27830P3HIGHCVSS 7.8fixed in 10.05.02025-03-25
CVE-2025-27830 [HIGH] CWE-120 CVE-2025-27830: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during seria
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
nvdosv
CVE-2016-8602P3HIGHCVSS 7.8≤ 9.202017-04-14
CVE-2016-8602 [HIGH] CWE-704 CVE-2016-8602: The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
nvdosv
CVE-2017-9835P3HIGHCVSS 7.8v9.212017-07-26
CVE-2017-9835 [HIGH] CWE-190 CVE-2017-9835: The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
nvdosv
CVE-2018-17183P3HIGHCVSS 7.8fixed in 9.252018-09-19
CVE-2018-17183 [HIGH] CVE-2018-17183: Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used b
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
nvdosv
CVE-2018-16510P3HIGHCVSS 7.8fixed in 9.242018-09-05
CVE-2018-16510 [HIGH] CWE-119 CVE-2018-16510: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.
nvdosv
CVE-2018-16585P3HIGHCVSS 7.8fixed in 9.242018-09-06
CVE-2018-16585 [HIGH] CVE-2018-16585: An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified ot
nvdosv
CVE-2022-1350P3HIGHCVSS 7.8≥ 0, < 10.0.0~dfsg-32022-04-14
CVE-2022-1350 [HIGH] CVE-2022-1350: A vulnerability classified as problematic was found in GhostPCL 9
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patch
osv
CVE-2025-27835P3HIGHCVSS 7.8fixed in 10.05.02025-03-25
CVE-2025-27835 [HIGH] CWE-120 CVE-2025-27835: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when convert
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
nvdosv
CVE-2016-10317P3HIGHCVSS 7.8v9.202017-04-03
CVE-2016-10317 [HIGH] CWE-119 CVE-2016-10317: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
nvdosv
CVE-2018-16540P3HIGHCVSS 7.8fixed in 9.242018-09-05
CVE-2018-16540 [HIGH] CWE-416 CVE-2018-16540: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
nvdosv
CVE-2024-46952P3HIGHCVSS 7.8fixed in 10.04.02024-11-10
CVE-2024-46952 [HIGH] CWE-120 CVE-2024-46952: An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer o
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
nvdosv
CVE-2025-27834P3HIGHCVSS 7.8fixed in 10.05.02025-03-25
CVE-2025-27834 [HIGH] CWE-120 CVE-2025-27834: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an overs
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
nvdosv
CVE-2025-27833P3HIGHCVSS 7.8fixed in 10.05.02025-03-25
CVE-2025-27833 [HIGH] CWE-120 CVE-2025-27833: An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long T
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
nvdosv
CVE-2009-3560P4MEDIUMCVSS 5.0≥ 0, < 8.71~dfsg-22009-12-04
CVE-2009-3560 [MEDIUM] CVE-2009-3560: The big2_toUtf8 function in lib/xmltok
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
osv
CVE-2009-3720P4MEDIUMCVSS 5.0≥ 0, < 8.71~dfsg-22009-11-03
CVE-2009-3720 [MEDIUM] CVE-2009-3720: The updatePosition function in lib/xmltok_impl
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
osv
CVE-2017-9726P4HIGHCVSS 7.8≥ 0, < 9.22~dfsg-12017-07-26
CVE-2017-9726 [HIGH] CVE-2017-9726: The Ins_MDRP function in base/ttinterp
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
osv
CVE-2016-7977P4MEDIUMCVSS 5.5≤ 9.202017-05-23
CVE-2016-7977 [MEDIUM] CWE-200 CVE-2016-7977: Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism a
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
nvdosv