Artifex Ghostscript vulnerabilities

168 known vulnerabilities affecting artifex/ghostscript.

Total CVEs: 168
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 3
Severity breakdown: CRITICAL 23, HIGH 70, MEDIUM 73, LOW 2

Vulnerabilities

Page 9 of 9
CVE-2010-4054 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 8.71~dfsg-1 | 2010-10-23
The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.
Sources: osv
CVE-2025-46646 | P4 | MEDIUM | CVSS 4.5 | fixed in 10.05.0 | 2025-04-26
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
Sources: nvd, osv
CVE-2023-39327 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 9.26~dfsg+0-0ubuntu0.16.04.14+esm9; ≥ 0, < 9.26~dfsg+0-0ubuntu0.18.04.18+esm4; +3 more | 2025-07-08
ghostscript vulnerabilities: It was discovered that OpenJPEG, vendored in Ghostscript, did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-39327) Thomas Rinsma discovered that Ghostscript did not correctly handle printing certain variables
Sources: osv
CVE-2016-10218 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | v9.20 | 2017-04-03
The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Sources: nvd
CVE-2023-38560 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 10.02.0~dfsg-1 | 2023-08-01
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
Sources: osv
CVE-2007-2721 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 8.61.dfsg.1~svn8187-1.1 | 2007-05-16
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
Sources: osv
CVE-2025-48708 | P4 | LOW | CVSS 3.3 | CWE-212 | fixed in 10.05.1 | 2025-05-23
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Sources: nvd, osv
CVE-2024-29508 | P4 | LOW | CVSS 3.3 | CWE-122 | fixed in 10.03.0 | 2024-07-03
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
Sources: nvd, osv