CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.1CVSS7.6AI score0.01938EPSS

SUSE CVE-2018-16511

An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact...

Exploits0References12

7.3CVSS7.4AI score0.01501EPSS

SUSE CVE-2018-16513

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact...

Exploits0References10

5.3CVSS6.7AI score0.01445EPSS

SUSE CVE-2018-16539

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable...

Exploits0References9

7.3CVSS7.5AI score0.01561EPSS

SUSE CVE-2018-16540

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact...

Exploits0References10

7.3CVSS6.9AI score0.01412EPSS

SUSE CVE-2018-16541

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter...

Exploits0References19

7.3CVSS7AI score0.01274EPSS

SUSE CVE-2018-16543

In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact...

Exploits0References9

7.3CVSS6.9AI score0.01908EPSS

SUSE CVE-2018-16542

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter...

Exploits0References10

3.3CVSS7.7AI score0.01721EPSS

SUSE CVE-2018-16585

An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...

Exploits0References9

8.8CVSS7.5AI score0.02159EPSS

SUSE CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...

Exploits0References17

SUSE CVE•added 2023/02/15 4:23 a.m.•2 views

SUSE CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...

7.3CVSS9.8AI score0.01249EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 4:23 a.m.•2 views

SUSE CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

8.1CVSS7AI score0.01829EPSS

Exploits0References21

SUSE CVE•added 2023/02/15 4:23 a.m.•1 views

SUSE CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...

5.3CVSS7AI score0.0998EPSS

Exploits2References16

SUSE CVE•added 2023/02/15 4:23 a.m.•4 views

SUSE CVE-2018-18073

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...

5.3CVSS7.1AI score0.0273EPSS

Exploits0References15

SUSE CVE•added 2023/02/15 4:23 a.m.•2 views

SUSE CVE-2018-18284

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator...

8.1CVSS7AI score0.16288EPSS

Exploits1References16

7.3CVSS9.6AI score0.02873EPSS

SUSE CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

7.1CVSS7AI score0.07825EPSS

SUSE CVE-2018-19409

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used...

Exploits0References15

SUSE CVE•added 2023/02/15 4:22 a.m.•1 views

SUSE CVE-2018-19476

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion...

7.1CVSS7AI score0.0304EPSS

7.1CVSS7AI score0.0304EPSS

SUSE CVE-2018-19477

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion...

SUSE CVE•added 2023/02/15 4:22 a.m.•3 views

SUSE CVE-2018-19475

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same...

7.1CVSS7AI score0.09548EPSS