Artifex Ghostscript vulnerabilities
168 known vulnerabilities affecting artifex/ghostscript.
Total CVEs: 168
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 3
Severity breakdown: CRITICAL 23, HIGH 70, MEDIUM 73, LOW 2
Vulnerabilities
Page 5 of 9
CVE-2024-33870 | P4 | MEDIUM | CVSS 6.3 | CWE-22 | fixed in 10.03.1 | 2024-07-03
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
nvd, osv
CVE-2017-9739 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
osv
CVE-2017-9727 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
osv
CVE-2017-9612 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
osv
CVE-2017-9618 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document.
osv
CVE-2017-9611 | P4 | HIGH | CVSS 7.8 | CWE-125 | v9.21 | 2017-07-26
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
nvd, osv
CVE-2018-10194 | P4 | HIGH | CVSS 7.8 | CWE-119 | ≤ 9.22 | 2018-04-18
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
nvd, osv
CVE-2017-9740 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
osv
CVE-2017-9610 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
osv
CVE-2017-9620 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.
osv
CVE-2018-16513 | P4 | HIGH | CVSS 7.8 | CWE-704 | fixed in 9.24 | 2018-09-05
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
nvd, osv
CVE-2019-25059 | P4 | HIGH | CVSS 7.8 | ≤ 9.26 | 2022-04-25
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
nvd, osv
CVE-2020-21890 | P3 | HIGH | CVSS 7.8 | CWE-787 | v9.50 | 2023-08-22
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.
nvd, osv
CVE-2017-6196 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.10~dfsg-0ubuntu10.6; ≥ 0, < 9.18~dfsg~0-0ubuntu2.3 | 2017-02-24
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.
osv
CVE-2018-16543 | P4 | HIGH | CVSS 7.8 | fixed in 9.24 | 2018-09-05
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
nvd, osv
CVE-2008-3520 | P4 | CRITICAL | CVSS 9.3 | ≥ 0, < 8.64~dfsg-2 | 2008-10-02
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
osv
CVE-2018-11645 | P4 | MEDIUM | CVSS 5.3 | ≤ 9.20 | 2018-06-01
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
nvd, osv
CVE-2017-11714 | P4 | HIGH | CVSS 7.8 | CWE-125 | v9.21 | 2017-07-28
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c.
nvd, osv
CVE-2017-7948 | P4 | HIGH | CVSS 7.8 | CWE-190 | v9.21 | 2017-04-19
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.
nvd, osv
CVE-2015-3228 | P4 | MEDIUM | CVSS 6.8 | ≥ 0, < 9.15~dfsg-1 | 2015-08-11
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
osv