Debian Ghostscript vulnerabilities

CVE-2016-10217 [MEDIUM] CVE-2016-10217: ghostscript - The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript ... The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. Scope: local bookworm: resolved (fixed in 9.20~dfsg-3.1) bullseye: resolved (fixed in 9.20~dfsg-3.1) forky: resolve

CVE-2016-10218 [MEDIUM] CVE-2016-10218: ghostscript - The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transpare... The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2015-3228 [MEDIUM] CVE-2015-3228: ghostscript - Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghost... Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. Scope: local bookworm: resolved (fixed in 9.15~dfsg-1) bullseye: resolv

CVE-2013-5653 [MEDIUM] CVE-2013-5653: ghostscript - The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER"... The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. Scope: local bookworm: resolved (fixed in 9.19~dfsg-3.1) bullseye: resolved (fixed in 9.19~dfsg-3.1) forky: resolved (fixed in 9.19~dfsg-3.1) sid: resolved (fixed in 9.19~dfsg-3.1) trixie: resolved (

CVE-2012-4405 [MEDIUM] CVE-2012-4405: argyll - Multiple integer underflows in the icmLut_allocate function in International Col... Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a

CVE-2012-4875 [CRITICAL] CVE-2012-4875: ghostscript - Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing th... Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it Scope: local bookworm: resolved bullseye: resolved f

CVE-2011-4517 [MEDIUM] CVE-2011-4517: ghostscript - The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses a... The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 fi

CVE-2011-4516 [MEDIUM] CVE-2011-4516: ghostscript - Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc... Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file. Scope: local bookworm: resolved (fixed in 8.64~dfsg-2) bullse

CVE-2010-1869 [CRITICAL] CVE-2010-1869: ghostscript - Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 ... Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. Scope: local bookworm: resolved (fixed in 8.71~dfsg-4) bullseye: resolved (fixed in 8.71~dfsg-4) forky: resolved (fixed in 8.71~dfsg-4) sid: resolved (fixed in 8.71~dfsg-4) trixie: resolved

CVE-2010-2055 [HIGH] CVE-2010-2055: ghostscript - Ghostscript 8.71 and earlier reads initialization files from the current working... Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820. Scope: local bookworm: resolved (fixe

CVE-2010-4820 [HIGH] CVE-2010-4820: ghostscript - Untrusted search path vulnerability in Ghostscript 8.62 allows local users to ex... Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. Scope: local bookworm: resolved (fixed in 8.71~dfsg2-6.1) bullseye: resolved (fixed in 8.71~dfsg2-6.1) forky: resol

CVE-2010-1628 [CRITICAL] CVE-2010-1628: ghostscript - Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent att... Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. Scope: local bookworm: resolved (fixed in 8.71~dfsg2-4) bullseye: resolved (fixed in 8.71~dfsg2-4) forky: re

CVE-2010-4054 [MEDIUM] CVE-2010-4054: ghostscript - The gs_type2_interpret function in Ghostscript allows remote attackers to cause ... The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. Scope: local bookworm: resolved (fixed in 8.71~dfsg-1) bullseye: resolved (fixed in 8.71~dfsg-1) forky: resolved (fixed in 8.71~dfsg-1) sid: re

CVE-2009-3743 [CRITICAL] CVE-2009-3743: ghostscript - Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter... Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow. Scope: local bookworm: resolved (fixed

CVE-2009-0583 [CRITICAL] CVE-2009-0583: argyll - Multiple integer overflows in icc.c in the International Color Consortium (ICC) ... Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using

CVE-2009-0584 [CRITICAL] CVE-2009-0584: argyll - icc.c in the International Color Consortium (ICC) Format library (aka icclib), a... icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated

CVE-2009-4897 [CRITICAL] CVE-2009-4897: ghostscript - Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote ... Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. Scope: local bookworm: resolved (fixed in 8.70~dfsg-1) bullseye: resolved (fixed in 8.70~dfsg-1) forky: resolved (fixed in 8.70~dfsg-1) sid: resol

CVE-2009-4270 [CRITICAL] CVE-2009-4270: ghostscript - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghosts... Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. Scope: local bookworm: resolved (fixed in 8.70~dfs

CVE-2009-0792 [CRITICAL] CVE-2009-0792: argyll - Multiple integer overflows in icc.c in the International Color Consortium (ICC) ... Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using

CVE-2009-0196 [CRITICAL] CVE-2009-0196: ghostscript - Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol... Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. Scope: local bookworm: resolved (fixed in 8.6