SUSE CVE-2015-9382

FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...

SUSE CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document...

SUSE CVE-2016-8602

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack...

SUSE CVE-2016-10317

The fillthreshholdbuffer function in base/gxhtthresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document...

SUSE CVE-2017-6196

Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...

SUSE CVE-2017-7207

The memgetbitsrectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PostScript document...

SUSE CVE-2017-7948

Integer overflow in the markcurve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via a crafted PostScript document...

SUSE CVE-2017-9835

The gsallocrefarray function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer...

SUSE CVE-2017-11573

FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName parsettf.c resulting in DoS or code execution via a crafted otf file...

SUSE CVE-2017-11714

psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the...

SUSE CVE-2017-14624

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c...

SUSE CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

SUSE CVE-2017-17682

In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service CPU exhaustion via a crafted wpg image file that triggers a ReadWPGImage call...

SUSE CVE-2017-18237

An issue was discovered in Exempi before 2.4.3. The PostScriptSupport::ConvertToDate function in XMPFiles/source/FormatSupport/PostScriptSupport.cpp allows remote attackers to cause a denial of service invalid pointer dereference and application crash via a crafted .ps file...

SUSE CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

SUSE CVE-2018-7729

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScriptHandler.cpp...

SUSE CVE-2018-15908

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files...

SUSE CVE-2018-15909

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code...

SUSE CVE-2018-15910

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code...

SUSE CVE-2018-15911

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...