Artifex Ghostscript vulnerabilities

CVE-2016-10220 [MEDIUM] CWE-476 CVE-2016-10220: The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 al The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.

CVE-2017-7207 [MEDIUM] CWE-476 CVE-2017-7207: The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attacke The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.

CVE-2013-5653 [MEDIUM] CVE-2013-5653: The getenv and filenameforall functions in Ghostscript 9 The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

CVE-2017-6196 [HIGH] CVE-2017-6196: Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.

CVE-2015-3228 [MEDIUM] CVE-2015-3228: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

CVE-2010-4820 [HIGH] CVE-2010-4820: Untrusted search path vulnerability in Ghostscript 8 Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

CVE-2012-4405 [MEDIUM] CVE-2012-4405: Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9 Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScrip

CVE-2011-4517 [MEDIUM] CVE-2011-4517: The jpc_crg_getparms function in libjasper/jpc/jpc_cs The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.

CVE-2011-4516 [MEDIUM] CVE-2011-4516: Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.

CVE-2010-4054 [MEDIUM] CVE-2010-4054: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application cra The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

CVE-2009-3743 [CRITICAL] CVE-2009-3743: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8 Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

CVE-2009-4897 [CRITICAL] CVE-2009-4897: Buffer overflow in gs/psi/iscan Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

CVE-2010-2055 [HIGH] CVE-2010-2055: Ghostscript 8 Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

CVE-2010-1628 [CRITICAL] CVE-2010-1628: Ghostscript 8 Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.

CVE-2010-1869 [CRITICAL] CVE-2010-1869: Stack-based buffer overflow in the parser function in GhostScript 8 Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.

CVE-2009-4270 [CRITICAL] CVE-2009-4270: Stack-based buffer overflow in the errprintf function in base/gsmisc Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

CVE-2009-3560 [MEDIUM] CVE-2009-3560: The big2_toUtf8 function in lib/xmltok The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

CVE-2009-3720 [MEDIUM] CVE-2009-3720: The updatePosition function in lib/xmltok_impl The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

CVE-2009-0196 [CRITICAL] CVE-2009-0196: Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

CVE-2009-0792 [CRITICAL] CVE-2009-0792: Multiple integer overflows in icc Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a