Artifex Ghostscript vulnerabilities
168 known vulnerabilities affecting artifex/ghostscript.
Total CVEs: 168
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 3
Severity breakdown: CRITICAL 23, HIGH 70, MEDIUM 73, LOW 2
Vulnerabilities
Page 6 of 9
CVE-2008-6679 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 8.64~dfsg-1 | 2009-04-08
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
osv
CVE-2019-3835 | P4 | MEDIUM | CVSS 5.5 | CWE-648 | fixed in 9.27 | 2019-03-25
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.
nvd, osv
CVE-2019-3838 | P4 | MEDIUM | CVSS 5.5 | CWE-648 | fixed in 9.27 | 2019-03-25
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.
nvd, osv
CVE-2013-5653 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 9.19~dfsg-3.1 | 2017-03-07
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
osv
CVE-2017-9619 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 9.22~dfsg-1 | 2017-07-26
The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file.
osv
CVE-2010-2055 | P4 | HIGH | CVSS 7.2 | ≥ 0, < 8.71~dfsg2-6.1 | 2010-07-22
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
osv
CVE-2024-29507 | P4 | MEDIUM | CVSS 5.4 | CWE-120 | fixed in 10.03.0 | 2024-07-03
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
nvd, osv
CVE-2018-18073 | P4 | MEDIUM | CVSS 6.3 | CWE-200 | ≤ 9.25 | 2018-10-15
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
nvd, osv
CVE-2025-59798 | P4 | MEDIUM | CVSS 5.5 | CWE-121 | ≤ 10.05.1 | 2025-09-22
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
nvd, osv
CVE-2020-27792 | P4 | HIGH | CVSS 7.1 | CWE-119 | ≤ 9.50 | 2022-08-19
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
nvd, osv
CVE-2025-59799 | P4 | MEDIUM | CVSS 5.5 | CWE-121 | ≤ 10.05.1 | 2025-09-22
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
nvd, osv
CVE-2020-16304 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 9.18, ≤ 9.52 | 2020-08-13
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
nvd, osv
CVE-2020-16302 | P4 | MEDIUM | CVSS 5.5 | CWE-120 | v9.50 | 2020-08-13
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
nvd, osv
CVE-2018-16539 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 9.24 | 2018-09-05
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
nvd, osv
CVE-2025-59800 | P4 | MEDIUM | CVSS 5.5 | CWE-190 | ≤ 10.05.1 | 2025-09-22
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
nvd, osv
CVE-2024-33869 | P4 | MEDIUM | CVSS 5.3 | CWE-22 | fixed in 10.03.1 | 2024-07-03
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
nvd, osv
CVE-2017-15652 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | v9.22 | 2019-05-23
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file through ghostscript. Because of imagemagick also use libga, so
nvd, osv
CVE-2020-16297 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 9.18, < 9.52 | 2020-08-13
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd, osv
CVE-2020-16291 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 9.18, < 9.52 | 2020-08-13
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd, osv
CVE-2020-16296 | P4 | MEDIUM | CVSS 5.5 | CWE-787 | ≥ 9.18, < 9.52 | 2020-08-13
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
nvd, osv