USN-7103-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956 It was discovered...

CVE-2024-46956

A flaw was found in Artifex Ghostscript's psi/zfile.c component. This vulnerability allows arbitrary code execution via out-of-bounds data access...

CVE-2024-46955

A flaw was found in Artifex Ghostscript's psi/zcolor.c component. This vulnerability allows an out-of-bounds read, potentially leading to information disclosure via improper handling of color in the Indexed color space...

CVE-2024-46954

A flaw was found in Ghostscript/base/gputf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories...

CVE-2024-46953

A flaw was found in Artifex Ghostscript base/gsdevice.c. This vulnerability allows path truncation, path traversal, and possible code execution via an integer overflow when parsing the filename format string for the output filename...

CVE-2024-46952

A flaw was found in Artifex Ghostscript's PDF XRef stream handling. This vulnerability allows a buffer overflow via crafted values in the W array of a PDF XRef stream...

CVE-2024-46951

A flaw was found in Artifex Ghostscript's psi/zcolor.c component. This vulnerability allows arbitrary code execution via an unchecked implementation pointer in the Pattern color space...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ghostscript vulnerabilities (USN-7103-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7103-1 advisory. It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to caus...

PT-2025-11340

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions prior to 10.05.0 Ghostscript affected versions not specified Description A buffer overflow issue exists in Ghostscript when converting glyphs to Unicode within the psi/zbfont.c file. This can potentially lead to...

PT-2025-11337 · Unknown +7 · Ghostscript +7

Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns a compression buffer overflow in NPDL devices and package vulnerabilities related to ghostscript in Debian Linux. Recommendations: At the moment, there is no...

Debian: Security Advisory (DSA-5808-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-11336 · Unknown +4 · Ghostscript +4

Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified ghostscript affected versions not specified Description: The issue concerns a text buffer overflow with long characters in the DOCXWRITE and TXTWRITE devices. Recommendations: For Debian Linux,...

[SECURITY] [DSA 5808-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5808-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 11, 2024 https://www.debian.org/security/faq -...

The vulnerability of the PDF XRef Stream Handler component in the Ghostscript software suite for document processing, conversion, and generation means that a malicious actor can compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the PDF XRef StreamHandler component in the Ghostscript software for document processing, conversion, and generation is related to the execution of operations outside of the buffer. Exploiting this vulnerability could allow an attacker to influence the confidentiality,...

Debian dsa-5808 : ghostscript - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5808 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5808-1 [email protected] https://www.debian.org/securit...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2886)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2905)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DSA-5808-1 ghostscript - security update

Bulletin has no description...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2829)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2812)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...