Afpl Ghostscript Security Vulnerabilities and Issues — Afpl Ghostscript CVE List

Lucene search

ArtifexAfpl Ghostscript

8 matches found

CVE•added 2024/07/03 7:15 p.m.•213 views

CVE-2024-29511

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

7.5CVSS7.1AI score0.00129EPSS

CVE•added 2010/07/22 5:40 a.m.•104 views

CVE-2009-4897

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

9.3CVSS7.8AI score0.10673EPSS

CVE•added 2017/03/07 3:59 p.m.•81 views

CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

5.5CVSS6.7AI score0.00214EPSS

CVE•added 2015/08/11 2:59 p.m.•71 views

CVE-2015-3228

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

6.8CVSS8.8AI score0.0098EPSS

CVE•added 2010/08/26 9:0 p.m.•70 views

CVE-2009-3743

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap...

9.3CVSS8AI score0.06694EPSS

CVE•added 2017/02/24 4:59 a.m.•63 views

CVE-2017-6196

Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript do...

7.8CVSS7.3AI score0.00476EPSS

CVE•added 2010/07/22 5:43 a.m.•54 views

CVE-2010-2055

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vuln...

7.2CVSS6.9AI score0.00111EPSS

CVE•added 2010/10/23 8:39 p.m.•51 views

CVE-2010-4054

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

4.3CVSS6.2AI score0.00866EPSS