Linux Distros Unpatched Vulnerability : CVE-2020-16303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability in xpsfinishimagepath in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate...

Linux Distros Unpatched Vulnerability : CVE-2018-10194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in...

Linux Distros Unpatched Vulnerability : CVE-2020-16293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A null pointer dereference vulnerability in composegroupnonknockoutnonblendisolatedallmaskcommon in base/gxblend.c of Artifex Software GhostScript v9.50 allows ...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-856)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-856 advisory. PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707990NOTE: https://cgit.ghostscript.com/cgi-...

Amazon Linux 2 : ghostscript (ALAS-2025-2760)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2760 advisory. PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707990NOTE:...

Advisory ROSA-SA-2025-2571

software: ghostscript 9.56.1 OS: ROSA-CHROME packageevrstring: ghostscript-9.56.1-1 CVE-ID: CVE-2024-46956 BDU-ID: 2024-09737 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the psi/zfile.c component of the Ghostscript document processing, conversion, and generation software suite involves reading...

USN-7138-1 ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code...

Astra Linux - уязвимость в ghostscript

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

Astra Linux – Vulnerability in GhostScript

A issue was discovered in psi/zcolor.c in Artifex Ghostscript prior to version 10.04.0. An unchecked Implementation pointer in the Pattern color space could lead to arbitrary code execution...

ALPINE-CVE-2024-46952

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

Artifex Ghostscript 安全漏洞

Artifex Ghostscript is a free software package from Artifex, Inc. based on Adobe, PostScript, and the Portable Document Format page description language. A security vulnerability exists in Artifex Ghostscript prior to version 10.04.0, which is caused by an integer overflow when parsing filename...

EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-2829)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in the function...

EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2024-2905)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in the function...

UBUNTU-CVE-2024-46951

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution...

SUSE CVE-2024-46954

An issue was discovered in decodeutf8 in base/gputf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal...

PT-2024-8201 · Artifex +8 · Artifex Ghostscript +8

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.04.0 Description: The issue is related to an integer overflow in the base/gsdevice.c component of Artifex Ghostscript, which can result in path truncation and possible path traversal and code execution...

ghostscript: format string injection leads to shell command execution (SAFER bypass)

A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands and upYMoveCommand, are treated as format strings for gpfprintf and gssnprintf. This lack of restriction permit...

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript arises from the improper neutralization of special elements used in operating system commands. This allows an attacker to execute arbitrary code.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to the introduction of a specially created pipe command. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

ghostscript: OPVP device arbitrary code execution via custom Driver library

A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...

DEBIAN-CVE-2024-29507

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters...