Ghostscript Security Vulnerabilities and Issues — Ghostscript CVE List

Lucene search

Aladdin EnterprisesGhostscript

6 matches found

CVE•added 2005/02/09 5:0 a.m.•64 views

CVE-2004-0967

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

7.2CVSS5.8AI score0.00032EPSS

CVE•added 2001/01/22 5:0 a.m.•46 views

CVE-2000-1163

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

4.6CVSS6.7AI score0.00086EPSS

CVE•added 2002/06/05 4:0 a.m.•45 views

CVE-2001-1353

ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.

2.6CVSS6.8AI score0.00068EPSS

CVE•added 1999/09/29 4:0 a.m.•44 views

CVE-1999-0155

The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

7.5CVSS8AI score0.01234EPSS

CVE•added 2001/01/22 5:0 a.m.•41 views

CVE-2000-1162

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

3.7CVSS6.2AI score0.00077EPSS

CVE•added 2003/04/02 5:0 a.m.•35 views

CVE-2002-0363

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

7.5CVSS7.4AI score0.00706EPSS