Debian Ghostscript vulnerabilities
168 known vulnerabilities affecting debian/ghostscript.
Total CVEs: 168
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 59, MEDIUM 65, LOW 28
Vulnerabilities
Page 3 of 9
CVE-2021-3781 [CRITICAL] CVSS 9.9, fixed in ghostscript 9.53.3~dfsg-8 (bookworm), 2021
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integ
debian
CVE-2021-45949 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.55.0~dfsg-1 (bookworm), 2021
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
Scope: local
bookworm: resolved (fixed in 9.55.0~dfsg-1)
bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u2)
forky: resolved (fixed in 9.55.0~dfsg-1)
sid: resolved (fixed in 9.55.0~dfsg-1)
trixie: resolved (fixed in 9
debian
CVE-2021-45944 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.54.0~dfsg-5 (bookworm), 2021
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
Scope: local
bookworm: resolved (fixed in 9.54.0~dfsg-5)
bullseye: resolved (fixed in 9.53.3~dfsg-7+deb11u2)
forky: resolved (fixed in 9.54.0~dfsg-5)
sid: resolved (fixed in 9.54.0~dfsg-5)
trixie: resolved (fixed in 9.54.0~dfsg-5
debian
CVE-2020-36773 [CRITICAL] CVSS 9.8, fixed in ghostscript 9.53.0~dfsg-1 (bookworm), 2020
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
Scope: local
bookworm: resolved (fixed in 9.53.0~dfsg-1)
bullseye: resolved (fixed in 9.53.0~dfsg-1)
forky: resolved (
debian
CVE-2020-15900 [CRITICAL] CVSS 9.8, fixed in ghostscript 9.52.1~dfsg-1 (bookworm), 2020
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
Scope: lo
debian
CVE-2020-21890 [HIGH] CVSS 7.8, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
s
debian
CVE-2020-27792 [HIGH] CVSS 7.1, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye:
debian
CVE-2020-16303 [HIGH] CVSS 7.8, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid: res
debian
CVE-2020-16307 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~
debian
CVE-2020-16301 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid: res
debian
CVE-2020-16300 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid: reso
debian
CVE-2020-16295 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid:
debian
CVE-2020-16299 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
s
debian
CVE-2020-16308 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid: resolved
debian
CVE-2020-16289 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid: resolved
debian
CVE-2020-16310 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid: reso
debian
CVE-2020-17538 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~
debian
CVE-2020-16309 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
sid: res
debian
CVE-2020-16296 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51
debian
CVE-2020-16304 [MEDIUM] CVSS 5.5, fixed in ghostscript 9.51~dfsg-1 (bookworm), 2020
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
Scope: local
bookworm: resolved (fixed in 9.51~dfsg-1)
bullseye: resolved (fixed in 9.51~dfsg-1)
forky: resolved (fixed in 9.51~dfsg-1)
s
debian