Debian Ghostscript vulnerabilities
168 known vulnerabilities affecting debian/ghostscript.
Total CVEs: 168
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 2
Severity breakdown: CRITICAL 16, HIGH 59, MEDIUM 65, LOW 28
Vulnerabilities
CVE-2018-16543 | HIGH | CVSS 7.8 | fixed in ghostscript 9.25~dfsg-1 (bookworm) | 2018
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
Scope: local
bookworm: resolved (fixed in 9.25~dfsg-1)
bullseye: resolved (fixed in 9.25~dfsg-1)
forky: resolved (fixed in 9.25~dfsg-1)
sid: resolved (fixed in 9.25~dfsg-1)
trixie: resolved (fixed in 9.25~dfsg-1)
debian
CVE-2018-15909 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-3 (bookworm) | 2018
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-3)
bullseye: resolved (fixed in 9.22~dfsg-3)
forky: resolved (fixed in 9.22~dfsg-3)
sid: resolved (f
debian
CVE-2018-16585 | HIGH | CVSS 7.8 | fixed in ghostscript 9.25~dfsg-1 (bookworm) | 2018
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other
debian
CVE-2018-19134 | HIGH | CVSS 7.8 | fixed in ghostscript 9.26~dfsg-1 (bookworm) | 2018
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dic
debian
CVE-2018-16511 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-3 (bookworm) | 2018
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-3)
bullseye: resolved (fixed in 9.22~dfsg-3)
forky: resolved (fixed in 9.22~dfsg-3)
sid:
debian
CVE-2018-19476 | HIGH | CVSS 7.8 | fixed in ghostscript 9.26~dfsg-1 (bookworm) | 2018
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
Scope: local
bookworm: resolved (fixed in 9.26~dfsg-1)
bullseye: resolved (fixed in 9.26~dfsg-1)
forky: resolved (fixed in 9.26~dfsg-1)
sid: resolved (fixed in 9.26~dfsg-1)
trixie: resolved (fixed in 9.26~dfsg-1)
debian
CVE-2018-16542 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.22~dfsg-3 (bookworm) | 2018
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-3)
bullseye: resolved (fixed in 9.22~dfsg-3)
forky: resolved (fixed in 9.22~dfsg-3)
sid: resolved (fixed in 9.22~dfsg-3)
debian
CVE-2018-16541 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.22~dfsg-3 (bookworm) | 2018
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-3)
bullseye: resolved (fixed in 9.22~dfsg-3)
forky: resolved (fixed in 9.22~dfsg-3)
sid: resolved (fixed in 9.22~dfsg-3)
trixie: resolved (fi
debian
CVE-2018-16539 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.22~dfsg-3 (bookworm) | 2018
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-3)
bullseye: resolved (fixed in 9.22~dfsg-3)
forky: resolved (fixed in 9.22~dfsg-3)
sid: resolved
debian
CVE-2018-18073 | MEDIUM | CVSS 6.3 | fixed in ghostscript 9.25~dfsg-3 (bookworm) | 2018
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
Scope: local
bookworm: resolved (fixed in 9.25~dfsg-3)
bullseye: resolved (fixed in 9.25~dfsg-3)
forky: resolved (fixed in 9.25~dfsg-3)
sid: resolved (fixed in 9.25~dfsg-3)
trixie: resolved (f
debian
CVE-2018-19478 | MEDIUM | CVSS 5.5 | fixed in ghostscript 9.26~dfsg-1 (bookworm) | 2018
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
Scope: local
bookworm: resolved (fixed in 9.26~dfsg-1)
bullseye: resolved (fixed in 9.26~dfsg-1)
forky: resolved (fixed in 9.26~dfsg-1)
sid: resolved (fixed in 9.26~dfsg-1)
trixie: resolved (fixed in 9.26~dfsg-1)
debian
CVE-2018-16863 | LOW | CVSS 7.8 | 2018
CVE-2018-16863 [HIGH] CVE-2018-16863: ghostscript - It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker c...
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.
Scope: local
bookworm: res
debian
CVE-2018-11645 | LOW | CVSS 5.5 | fixed in ghostscript 9.21~dfsg-1 (bookworm) | 2018
CVE-2018-11645 [MEDIUM] CVE-2018-11645: ghostscript - psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command eve...
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.
Scope: local
bookworm: resolved (fixed in 9.21~dfsg-1)
bullseye: resolved (fixed in 9.21~dfsg-1)
forky: resolved (fixed in 9.21~dfsg-1)
debian
CVE-2017-9611 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-1 (bookworm) | 2017
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-1)
bullseye: resolved (fixed in 9.22~dfsg-1)
forky: resolved (fix
debian
CVE-2017-9739 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-1 (bookworm) | 2017
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-1)
bullseye: resolved (fixed in 9.22~dfsg-1)
forky: resolved (fix
debian
CVE-2017-9726 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-1 (bookworm) | 2017
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-1)
bullseye: resolved (fixed in 9.22~dfsg-1)
forky: resolved (fix
debian
CVE-2017-8291 | HIGH | CVSS 7.8 | KEV | PoC | fixed in ghostscript 9.20~dfsg-3.1 (bookworm) | 2017
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
Scope: local
bookworm: resolved (fixed in 9.20~dfsg-3.1)
bullseye: resolved (fixed in 9.20~dfsg-3.1)
for
debian
CVE-2017-9612 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-1 (bookworm) | 2017
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-1)
bullseye: resolved (fixed in 9.22~dfsg-1)
forky: resolved (fixed in 9.22~dfsg
debian
CVE-2017-9835 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-1 (bookworm) | 2017
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
Scope: local
bookworm: resolved (fi
debian
CVE-2017-9727 | HIGH | CVSS 7.8 | fixed in ghostscript 9.22~dfsg-1 (bookworm) | 2017
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
Scope: local
bookworm: resolved (fixed in 9.22~dfsg-1)
bullseye: resolved (fixed in 9.22~dfsg-1)
forky: resol
debian