
Debian Ghostscript vulnerabilities

168 known vulnerabilities affecting debian/ghostscript.

Total CVEs: 168
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 59, MEDIUM 65, LOW 28

Vulnerabilities

Page 4 of 9
CVE-2020-14373 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.26~dfsg-1 (bookworm) | 2020
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. Scope: local. bookworm: resolved (fixed in 9.26~dfsg-1); bullseye: resolved (fixed in 9.26~dfsg-1); forky: resolved (fixed in 9.26~dfsg-1); sid: resolved (fixed in 9.26~dfsg-1); trixie: resol
debian
CVE-2020-16298 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); si
debian
CVE-2020-16305 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid:
debian
CVE-2020-16306 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: resolved (f
debian
CVE-2020-16290 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: re
debian
CVE-2020-16302 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: resolved
debian
CVE-2020-16288 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: r
debian
CVE-2020-16294 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: resolv
debian
CVE-2020-16293 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); fo
debian
CVE-2020-16287 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: re
debian
CVE-2020-16292 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid:
debian
CVE-2020-16297 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~d
debian
CVE-2020-21710 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: resolved (fixed in 9.51~dfsg-1)
debian
CVE-2020-16291 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.51~dfsg-1 (bookworm) | 2020
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Scope: local. bookworm: resolved (fixed in 9.51~dfsg-1); bullseye: resolved (fixed in 9.51~dfsg-1); forky: resolved (fixed in 9.51~dfsg-1); sid: resolved (fixed in
debian
CVE-2019-14813 | CRITICAL | CVSS 9.8 | fixed in ghostscript 9.28~~rc2~dfsg-1 (bookworm) | 2019
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Scope: local. bookwor
debian
CVE-2019-25059 | HIGH | CVSS 7.8 | fixed in ghostscript 9.27~dfsg-1 (bookworm) | 2019
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. Scope: local. bookworm: resolved (fixed in 9.27~dfsg-1); bullseye: resolved (fixed in 9.27~dfsg-1); forky: resolved (fixed in 9.27~dfsg-1); sid: resolved (fixed in 9.27~dfsg-1); trixie: resolved (fixed in 9.27~dfsg-1)
debian
CVE-2019-3839 | HIGH | CVSS 7.8 | fixed in ghostscript 9.27~dfsg-1 (bookworm) | 2019
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable. Scope: local. bookworm: resolve
debian
CVE-2019-14817 | HIGH | CVSS 7.8 | fixed in ghostscript 9.28~~rc2~dfsg-1 (bookworm) | 2019
A flaw was found in ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Scope: local. book
debian
CVE-2019-14811 | HIGH | CVSS 7.8 | fixed in ghostscript 9.28~~rc2~dfsg-1 (bookworm) | 2019
A flaw was found in ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Scope: local. bookwor
debian
CVE-2019-10216 | HIGH | CVSS 7.8 | fixed in ghostscript 9.27~dfsg-3.1 (bookworm) | 2019
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. Scope: local. bookworm: resolved (fixed in 9.27
debian