SUSE CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gsinit.ps, a different...

SUSE CVE-2010-3703

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service crash via a PDF file that triggers an uninitialized...

SUSE CVE-2010-4820

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...

SUSE CVE-2012-1140

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service invalid heap read operation and memory corruption or possibly execute arbitrary code via a crafted PostScript font object...

SUSE CVE-2012-4405

Multiple integer underflows in the icmLutallocate function in International Color Consortium ICC Format library icclib, as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted 1...

SUSE CVE-2012-6076

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts...

SUSE CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

SUSE CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...

SUSE CVE-2014-8127

LibTIFF 4.0.3 allows remote attackers to cause a denial of service out-of-bounds read and crash via a crafted TIFF image to the 1 checkInkNamesString function in tifdir.c in the thumbnail tool, 2 compresscontig function in tiff2bw.c in the tiff2bw tool, 3 putcontig8bitCIELab function in...

SUSE CVE-2014-9745

The parseencoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service infinite loop via a "broken number-with-base" in a Postscript stream, as demonstrated by 8garbage...

SUSE CVE-2015-3228

Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...

SUSE CVE-2015-9382

FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...

SUSE CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document...

SUSE CVE-2016-8602

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack...

SUSE CVE-2016-10317

The fillthreshholdbuffer function in base/gxhtthresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document...

SUSE CVE-2017-6196

Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...

SUSE CVE-2017-7207

The memgetbitsrectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted PostScript document...

SUSE CVE-2017-7948

Integer overflow in the markcurve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service out-of-bounds write and application crash or possibly have unspecified other impact via a crafted PostScript document...

SUSE CVE-2017-9835

The gsallocrefarray function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer...

SUSE CVE-2017-11573

FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName parsettf.c resulting in DoS or code execution via a crafted otf file...