Lucene search

K

Ghostscript Security Vulnerabilities

cve
cve

CVE-2008-0411

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace...

7.6AI Score

0.148EPSS

2008-02-28 09:44 PM
29
cve
cve

CVE-2007-6725

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d...

7.6AI Score

0.07EPSS

2009-04-08 04:30 PM
33
cve
cve

CVE-2009-0792

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer...

8.3AI Score

0.012EPSS

2009-04-14 04:26 PM
61
cve
cve

CVE-2012-4405

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted....

7.6AI Score

0.041EPSS

2012-09-18 05:55 PM
40
cve
cve

CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...

8.8CVSS

8.5AI Score

0.004EPSS

2019-11-15 12:15 PM
271
cve
cve

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript....

7.8CVSS

7.7AI Score

0.018EPSS

2019-05-16 07:29 PM
225
cve
cve

CVE-2019-10216

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of.....

7.8CVSS

7.6AI Score

0.001EPSS

2019-11-27 01:15 PM
323
2
cve
cve

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by...

5.5CVSS

5.6AI Score

0.002EPSS

2019-03-25 07:29 PM
194
cve
cve

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by...

5.5CVSS

6.3AI Score

0.002EPSS

2019-03-25 07:29 PM
203
cve
cve

CVE-2009-0583

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer...

8.2AI Score

0.01EPSS

2009-03-23 08:00 PM
42
cve
cve

CVE-2010-4820

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than...

6.7AI Score

0.0004EPSS

2014-10-27 01:55 AM
32
cve
cve

CVE-2009-4270

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS...

7.7AI Score

0.022EPSS

2009-12-21 04:30 PM
35
cve
cve

CVE-2009-0196

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large....

7.9AI Score

0.139EPSS

2009-04-16 03:12 PM
38
cve
cve

CVE-2008-6679

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript...

7.6AI Score

0.123EPSS

2009-04-08 04:30 PM
26
cve
cve

CVE-2009-0584

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code.....

7.9AI Score

0.008EPSS

2009-03-23 08:00 PM
36