CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Debian CVE•added 2025/04/26 12:0 a.m.•6 views

CVE-2025-46646

In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...

4.5CVSS4.8AI score0.00155EPSS

CVE•added 2025/04/26 12:0 a.m.•111 views

CVE-2025-46646

CVE-2025-46646 affects Artifex Ghostscript prior to 10.05.0, where decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encodings. This issue is linked to an incomplete fix for CVE-2024-46954. Affected products include Ghostscript releases before 10.05.0; multiple advisories reference upgrades...

4.5CVSS6.9AI score0.00155EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2025/04/22 12:0 a.m.•20 views

Amazon Linux AMI : ghostscript (ALAS-2025-1967)

The version of ghostscript installed on the remote host is prior to 8.70-24.34. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1967 advisory. The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has exist...

9.8CVSS7.4AI score0.00775EPSS

Exploits0References6

OSV•added 2025/04/21 9:51 p.m.•3 views

CLSA-2025-1745272309 ghostscript: Fix of 2 CVEs

CVE-2024-33869: fix path traversal and command execution vulnerability in base/gpmisc.c - CVE-2024-33870: fix path traversal vulnerability to prevent unauthorized access to arbitrary files by restricting access to permitted paths...

6.3CVSS6.8AI score0.00515EPSS

Exploits0References1

Amazon•added 2025/04/17 12:0 a.m.•18 views

Important: ghostscript

Issue Overview: The calculation of the buffer size was being done with int values, and overflowing that data type. The bug has existed since the creation of the file contrib/japanese/gdevnpdl.c The calculation of the buffer size was being done with int values, and overflowing that data type. By...

9.8CVSS7.9AI score0.00775EPSS

Tenable Nessus•added 2025/04/17 12:0 a.m.•8 views

Amazon Linux 2 : ghostscript (ALAS-2025-2820)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2820 advisory. Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multipl...

9.8CVSS7.2AI score0.00564EPSS

Exploits0References8

OSV•added 2025/04/16 5:56 a.m.•3 views

CLSA-2025-1744782967 ghostscript: Fix of 3 CVEs

CVE-2024-33871: fix arbitrary code execution by restricting Driver parameter to load only known dynamic libraries in gdevopvp.c - CVE-2023-38559: fix buffer overflow flaw in devnpcxwriterle function by adding input validation checks - CVE-2024-29510: fix memory corruption and SAFER sandbox bypass...

8.8CVSS7.5AI score0.27992EPSS

Exploits6References1

Amazon•added 2025/04/16 12:0 a.m.•11 views

Important: ghostscript

Issue Overview: Fix confusion between bytes and shorts. Data is being copied from a string in multiple of shorts, rather than multiple of bytes, leading to both a read probably benign, given the memory manager and write buffer overflow. Info: https://bugs.ghostscript.com/showbug.cgi?id=708131...

9.8CVSS6.9AI score0.00564EPSS

Amazon•added 2025/04/16 12:0 a.m.•4 views

Important: ghostscript

9.8CVSS7.3AI score0.00564EPSS

Amazon•added 2025/04/14 12:0 a.m.•2 views

Important: ghostscript

Issue Overview: PDF interpreter - Guard against unsigned int overflow. A large Type 4 function definition can overflow the uint counter, causing the allocated buffer to be smaller than required. Info: https://bugs.ghostscript.com/showbug.cgi?id=708253 Patch:...

9.8CVSS8AI score0.00564EPSS

Amazon•added 2025/04/14 12:0 a.m.•8 views

Important: ghostscript

9.8CVSS7.2AI score0.00564EPSS

Tenable Nessus•added 2025/04/14 12:0 a.m.•10 views

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-927)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-927 advisory. PDF interpreter - Guard against unsigned int overflow. A large Type 4 function definition can overflow the uint counter, causing the allocated buffer to be smaller than required. Info:...

9.8CVSS7.2AI score0.00564EPSS

Exploits0References10

OSV•added 2025/04/11 1:43 p.m.•3 views

OESA-2025-1401 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer...

OSV•added 2025/04/11 1:43 p.m.•3 views

OESA-2025-1400 ghostscript security update

OSV•added 2025/04/11 1:43 p.m.•2 views

OESA-2025-1399 ghostscript security update

OSV•added 2025/04/11 1:43 p.m.•2 views

OESA-2025-1398 ghostscript security update

Positive Technologies•added 2025/04/11 12:0 a.m.•3 views

PT-2025-22637

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions prior to 10.05.1 Description The issue lacks argument sanitization for the case in the gs lib ctx stash sanitized arg function in base/gslibctx.c. This allows a created PDF document to include its password in...

4CVSS7.2AI score0.00274EPSS

Exploits0References60

Fedora•added 2025/04/10 2:46 a.m.•12 views

[SECURITY] Fedora 40 Update: ghostscript-10.02.1-14.fc40

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

9.8CVSS7.3AI score0.00775EPSS