5485 matches found
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
Design/Logic Flaw
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
UBUNTU-CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
DEBIAN-CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
Artifex Software Ghostscript Security Vulnerability
Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-Postscrip...
CVE-2020-36773
Summary: CVE-2020-36773 affects Artifex Ghostscript up to version 9.52.x (before 9.53.0). The flaw is an out-of-bounds write and use‑after‑free in devices/vector/gdevtxtw.c (txtwrite) caused by a single PDF character code mapping to multiple Unicode code points (e.g., ligatures). Impact (per sour...
PT-2024-5031 · Artifex +4 · Ghostscript +4
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.0 Description: The issue is related to a stack-based buffer overflow in the pdfi apply filter function of the Ghostscript software suite, which occurs during the filtering process. This can be...
PT-2024-5030 · Artifex +4 · Artifex Ghostscript +4
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.0 Description: The issue is related to a heap-based overflow when the PDFPassword parameter has a 000 byte in the middle, which can be exploited by a remote attacker to cause a denial of service...
PT-2024-5032 · Artifex +6 · Artifex Ghostscript +6
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.0 Artifex Ghostscript versions prior to 10.0.3.0 Description: The issue is related to a heap-based pointer disclosure in the pdf base font alloc function, observable in a constructed BaseFont name...
Amazon Linux 2 : ghostscript (ALAS-2024-2422)
The version of ghostscript installed on the remote host is prior to 9.25-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2422 advisory. An issue was discovered in the function gdevprnopenprinterseekable in Artifex Ghostscript through 10.02.0 allows remote attacker...
Important: ghostscript
Issue Overview: An issue was discovered in the function gdevprnopenprinterseekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2...
Important: ghostscript
Issue Overview: An issue was discovered in the function gdevprnopenprinterseekable in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. CVE-2023-46751 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2...
EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2023-3329)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because th...
EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2023-2876)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix...
EulerOS Virtualization 3.0.6.0 : ghostscript (EulerOS-SA-2023-3430)
According to the versions of the ghostscript packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the...
EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2023-3176)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because th...