Artifex Ghostscript vulnerabilities

168 known vulnerabilities affecting artifex/ghostscript.

Total CVEs
168
CISA KEV
1
actively exploited
Public exploits
6
Exploited in wild
2
Severity breakdown
CRITICAL23HIGH70MEDIUM73LOW2

Vulnerabilities

Page 9 of 9
CVE-2007-6725HIGHCVSS 7.5≥ 0, < 8.63.dfsg.1-12009-04-08
CVE-2007-6725 [HIGH] CVE-2007-6725: The CCITTFax decoding filter in Ghostscript 8 The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
osv
CVE-2008-6679MEDIUMCVSS 5.0≥ 0, < 8.64~dfsg-12009-04-08
CVE-2008-6679 [MEDIUM] CVE-2008-6679: Buffer overflow in the BaseFont writer module in Ghostscript 8 Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
osv
CVE-2009-0584CRITICALCVSS 9.3≥ 0, < 8.64~dfsg-1.12009-03-23
CVE-2009-0584 [CRITICAL] CVE-2009-0584: icc icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScri
osv
CVE-2009-0583CRITICALCVSS 9.3≥ 0, < 8.64~dfsg-1.12009-03-23
CVE-2009-0583 [CRITICAL] CVE-2009-0583: Multiple integer overflows in icc Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a
osv
CVE-2008-3522CRITICALCVSS 10.0≥ 0, < 8.64~dfsg-22008-10-02
CVE-2008-3522 [CRITICAL] CVE-2008-3522: Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
osv
CVE-2008-3520CRITICALCVSS 9.3≥ 0, < 8.64~dfsg-22008-10-02
CVE-2008-3520 [CRITICAL] CVE-2008-3520: Multiple integer overflows in JasPer 1 Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
osv
CVE-2008-0411MEDIUMCVSS 6.8PoC≥ 0, < 8.61.dfsg.1-1.12008-02-28
CVE-2008-0411 [MEDIUM] CVE-2008-0411: Stack-based buffer overflow in the zseticcspace function in zicc Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
osv
CVE-2007-2721MEDIUMCVSS 4.3≥ 0, < 8.61.dfsg.1~svn8187-1.12007-05-16
CVE-2007-2721 [MEDIUM] CVE-2007-2721: The jpc_qcx_getcompparms function in jpc/jpc_cs The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
osv
← Previous9 / 9