129 matches found
CVE-2024-33869
Artifex Ghostscript
CVE-2017-8291
Summary of CVE-2017-8291 (Ghostscript Type Confusion) : Ghostscript before or on 2017-04-26 allowed bypass of -dSAFER and remote command execution through a type confusion in parsing .eps/.rsdparams, specifically involving the substring "/OutputFile (%pipe%" in a crafted EPS input. In the wild ex...
CVE-2023-46751
CVE-2023-46751 affects Ghostscript; the issue is a dangling pointer in gdev_prn_open_printer_seekable() that could crash the application when processing malformed documents. The vulnerability is remotely triggerable and has been addressed in various advisories. Public details corroborate that Gho...
CVE-2023-43115
Ghostscript/GhostPDL (gdevijs.c) vulnerability (CVE-2023-43115) allows remote code execution via crafted PostScript documents after SAFER is activated, by switching to the IJS device or altering the IjsServer parameter. Affected are Ghostscript versions up to 10.01.2; the issue can be triggered w...
CVE-2023-38559
CVE-2023-38559 is a Ghostscript vulnerability: a buffer overflow/ out-of-bounds condition in base/gdevdevn.c:1973 (devn_pcx_write_rle()) could allow a local attacker to cause a denial of service by processing a crafted PDF for a DEVN device with gs. The connected advisories confirm the issue and ...
CVE-2025-59798
Artifex Ghostscript
CVE-2025-59800
Summary: CVE-2025-59800 affects Artifex Ghostscript through 10.05.1, with an integer overflow in ocr_begin_page (devices/gdevpdfocr.c) that leads to a heap-based buffer overflow in ocr_line8. Connected advisories (Fedora, Amazon Linux 2/2023, TencentOS, etc.) reference this and related CVEs (5979...
CVE-2025-59799
CVE-2025-59799 is an issue in Artifex Ghostscript up to and including 10.05.1 where a stack-based buffer overflow occurs in the PDF processing path, specifically in pdfmark_coerce_dest within devices/vector/gdevpdfm.c, triggered by a large size value. Several connected advisories (EulerOS, Unity ...
CVE-2024-29510
CVE-2024-29510 affects Ghostscript before 10.03.1, enabling memory corruption and SAFER sandbox bypass via a format string injection in the uniprint device. The issue is addressed in Ghostscript 10.03.1; affected advisories (e.g., ALAS/AL2024 updates) recommend upgrading Ghostscript to mitigate r...
CVE-2024-29511
CVE-2024-29511 affects Artifex Ghostscript before 10.03.1. When Tesseract OCR is used, it allows a directory traversal that reads arbitrary files and can write error messages to arbitrary files via OCRLanguage (e.g., using debug_file /tmp/out and user_patterns_file /etc/passwd). The vulnerability...
CVE-2019-10216
CVE-2019-10216 concerns GPL Ghostscript. The vulnerability is in the .buildfont1 procedure, which did not properly secure privileged calls, allowing a crafted PostScript file to bypass -dSAFER and escalate privileges to access restricted files. Affected: Ghostscript prior to 9.50. Impact: potenti...
CVE-2023-52722
CVE-2023-52722 affects Artifex Ghostscript prior to 10.03.1 where SAFER mode in psi/zmisc1.c can allow eexec seeds outside the Type 1 standard. Connected advisories confirm affected Ghostscript versions and provide remediation guidance: upgrade to Ghostscript 10.03.1 or newer (or applicable patch...
CVE-2024-33871
CVE-2024-33871 affects Artifex Ghostscript prior to 10.03.1. The issue is in contrib/opvp/gdevopvp.c where the Driver parameter for opvp (and oprp) devices can specify an arbitrary dynamic library name, which is then loaded when processing a crafted PostScript document. This allows arbitrary code...
CVE-2023-38560
CVE-2023-38560 is a Ghostscript vulnerability: an integer overflow in pl_glyph_name (pcl/pl/plfont.c:418) may allow a local attacker to cause a denial of service when converting a crafted PCL file to PDF. The Mageia advisory MGASA-2023-0267 and OSV entries indicate a fixed Ghostscript patch; upda...
CVE-2019-14869
Summary: CVE-2019-14869 affects Ghostscript 9.x up to 9.49, where the .charkeys primitive did not properly secure privileged calls, allowing a crafted PostScript file to bypass -dSAFER and escalate/execute commands or access restricted files. The issue is rooted in insufficient isolation of privi...
CVE-2019-6116
Artifex Ghostscript up to version 9.26 contains CVE-2019-6116, where ephemeral/transient procedures could allow access to system operators and enable remote code execution. The Amazon Linux 2 advisory confirms the sandbox escape family linked to this issue and notes the fix/update path, with upst...
CVE-2024-33870
CVE-2024-33870 affects Artifex Ghostscript up to version 10.03.1. The issue is a path traversal vulnerability in PostScript handling that can reach arbitrary files when the current directory is within permitted paths, e.g., transforming ../../foo to ./../../foo and gaining access if ./ is allowed...
CVE-2018-16509
Ghostscript (Artifex) before 9.25 has an issue where /invalidaccess checks can fail, allowing crafted PostScript to bypass -dSAFER and execute code via the pipe instruction. Several advisories indicate this is a security flaw that could enable remote/unauthenticated code execution in Ghostscript ...
CVE-2019-14813
Ghostscript (before 9.50) contains a sandbox escape in the setsystemparams path that can bypass -dSAFER controls, potentially allowing access to the file system or execution of arbitrary commands via crafted PostScript. The issue is reported as CVE-2019-14813 and is addressed in upstream fixes (g...
CVE-2019-3839
Ghostscript (Artifex) is affected by CVE-2019-3839: after the CVE-2019-6116 fix, some privileged operators remain accessible from various PostScript contexts, allowing a crafted PostScript file to access the filesystem outside -dSAFER constraints. The issue affects Ghostscript versions before 9.2...
CVE-2019-14811
Summary: Ghostscript before version 9.50 contains sandbox-safety bypasses in multiple procedures, notably the ".pdf_hook_DSC_Creator" path, allowing crafted PostScript to bypass -dSAFER and potentially access the file system or execute commands. Other vulnerable entry points include ".forceput" e...
CVE-2019-3835
CVE-2019-3835 affects Ghostscript prior to 9.27. A specially crafted PostScript file could cause a sandbox escape by abusing the internal superexec operator, allowing access to the filesystem outside -dSAFER. The issue was part of sandbox bypasses tied to various operators and has been fixed upst...
CVE-2019-14817
Ghostscript before version 9.50 is affected by sandbox escape flaws via multiple PostScript procedures, including .pdfexectoken, .pdf_hook_DSC_Creator, setuserparams, and setsystemparams, allowing bypass of -dSAFER and potential file-system access or command execution. Affected versions are befor...
CVE-2018-16540
Artifex Ghostscript is affected by CVE-2018-16540 (ghostscript before 9.24). The issue is a use-after-free in the PDF14 converter’s copydevice handling that could crash the interpreter or have other unspecified impact when processing crafted PostScript/PDF. Evidence in connected advisories confir...
CVE-2019-3838
Ghostscript prior to 9.27 is vulnerable to sandbox escape via crafted PostScript (CVE-2019-3835, CVE-2019-3838). The flaws enable access to the filesystem outside -dSAFER by exploiting the superexec/forceput paths in the internal dictionary. Upstream fixes are in 9.27; Arch Linux advisory recomme...
CVE-2018-19478
Ghostscript (Artifex) vulnerable before 9.26. A carefully crafted PDF can trigger an extremely long-running computation while parsing, potentially causing a denial of service. CVE-2018-19478. The connected sources indicate the issue exists in Ghostscript 9.25 and earlier; remediation is to upgrad...
CVE-2018-19409
Ghostscript advisory CVE-2018-19409 affects Artifex Ghostscript prior to 9.26, where LockSafetyParams is not checked correctly if another device is used. This is part of several post-2018 vulnerabilities in Ghostscript; Red Hat/CentOS and Debian/LTS advisories indicate that fixes were released in...
CVE-2023-28879
CVE-2023-28879 affects Ghostscript (through 10.01.0) with a buffer overflow in base/sbcp.c affecting BCPEncode/BCPDecode/TBCPEncode/TBCPDecode. The issue can corrupt internal PostScript interpreter data when the write buffer is near full and an escaped character is written, potentially causing to...
CVE-2021-3781
Summary: CVE-2021-3781 is a Ghostscript sandbox escape vulnerability. A crafted pipe command can escape the -dSAFER sandbox in the Ghostscript interpreter and execute arbitrary commands with the document’s privileges. The underlying cause is a pipe-based command injection that bypasses the interp...
CVE-2019-14812
CVE-2019-14812 affects Ghostscript before 9.50. A flaw in .setuserparams2 allows bypassing -dSAFER, enabling a crafted PostScript file to access the filesystem or run commands. Mitigation: update Ghostscript to 9.50 or later (validated advisories reference ALAS2-2021-1598 and related vendor notic...
CVE-2020-15900
CVE-2020-15900 affects Artifex Ghostscript 9.50 and 9.52. A memory corruption due to use of a non-standard PostScript operator can allow overriding of file access controls. The vulnerability also involves the calculation of the 'rsearch' for the 'post' size, which could overflow/underflow to max ...
CVE-2017-7207
Ghostscript (CVE-2017-7207) describes a NULL pointer dereference in mem_get_bits_rectangle leading to a denial of service via a crafted PostScript. Connected sources confirm this vulnerability affects IBM PowerKVM (PowerKVM 2.1 and 3.1) and are addressed by upgrading to PowerKVM 3.1.0.2 or later ...
CVE-2018-19134
CVE-2018-19134 affects Artifex Ghostscript (through 9.25). The setpattern operator mishandles certain types, causing a type-confusion in the pattern dictionary implementation. This could crash Ghostscript or potentially allow arbitrary code execution within the Ghostscript process when processing...
CVE-2018-19475
CVE-2018-19475 affects Artifex Ghostscript prior to 9.26. The root cause is that psi/zdevice2.c fails to check available stack space when the device remains the same, allowing remote attackers to bypass intended access restrictions. The issue is reported as a remote-access/bypass vulnerability in...
CVE-2018-10194
Ghostscript vulnerability CVE-2018-10194 resides in the pdfwrite code path (gdevpdts.c) where a stack-based out-of-bounds write in pdf_set_text_matrix can be triggered by a crafted PDF. Affected product is Ghostscript; historical references show the issue affecting Ghostscript up to version 9.22,...
CVE-2018-17183
CVE-2018-17183 affects Artifex Ghostscript up to version 9.25. Affected component: error handling structures in Ghostscript’s execution path. Root cause: a user-writable error exception table could be abused by remote attackers that supply crafted PostScript, potentially overwriting or replacing ...
CVE-2018-15910
Artifex Ghostscript before 9.24 is affected by a type confusion in the LockDistillerParams parameter that can be triggered by crafted PostScript, potentially crashing the interpreter or enabling code execution. This CVE (CVE-2018-15910) is corroborated across multiple sources (vendor advisories a...
CVE-2018-16863
Ghostscript on Red Hat/CentOS environments (Ghostscript 9.07 in RHEL7) contains an incomplete fix for CVE-2018-16509, allowing bypass of the -dSAFER protection via crafted PostScript and potential execution of arbitrary shell commands. CVE-2018-16863 ties to this by noting the residual flaw and i...
CVE-2020-16305
Ghostscript vulnerability CVE-2020-16305: A buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c of Ghostscript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF. Impact is DoS as described; upgrading to Ghostscript 9.51 fixes the issue. The CVE entry expli...
CVE-2023-4042
Ghostscript is the affected component. CVE-2023-4042 denotes an incomplete fix for CVE-2020-16305 in Ghostscript as shipped with Red Hat Enterprise Linux 8, with Red Hat advisories noting the fix was not included as claimed. Published connections from AlmaLinux and Amazon Linux advisories frame C...
CVE-2018-19477
CVE-2018-19477 relates to Artifex Ghostscript prior to 9.26, where a JBIG2Decode type confusion in psi/zfjbig2.c allows remote attackers to bypass access restrictions by sending specially crafted input. Public disclosures in multiple sources (e.g., Debian/Red Hat advisories, IBM PowerKVM bulletin...
CVE-2018-15908
Artifex Ghostscript 9.23, prior to 2018-08-23, is affected by a restriction-bypass in .tempfile that allows crafted PostScript files to bypass safety checks and write files. Impact is stated as enabling file writes via PostScript, with broader security fixes applied in multiple distros. Remediati...
CVE-2018-11645
Ghostscript (psi/zfile.c) before 9.21rc1 permits the status command even with -dSAFER, enabling remote attackers to determine the existence and size of arbitrary files. This CVE (CVE-2018-11645) is referenced in multiple advisories; upstream context ties it to Ghostscript’s handling of SAFER and ...
CVE-2018-18073
CVE-2018-18073 describes a sandbox-bypass vulnerability in Artifex Ghostscript. The issue arises in Ghostscript 9.25 and earlier where the saved execution stack can leak operator arrays or expose system operators in an error object, allowing a crafted PostScript to bypass -dSAFER/sandbox protecti...
CVE-2018-19476
Artifex Ghostscript before 9.26 contains a setcolorspace type confusion in psi/zicc.c that lets remote attackers bypass access restrictions. Affected: Ghostscript versions prior to 9.26 (e.g., 9.25 and earlier per advisories). Impact per sources ranges from information disclosure to potential cod...
CVE-2023-36664
CVE-2023-36664 affects Artifex Ghostscript up to version 10.01.2. The issue is a mishandling of permission validation for pipe devices (prefixes %pipe% or the | character), which could allow arbitrary command execution when processing crafted documents. Public advisories confirm the vulnerability...
CVE-2018-17961
CVE-2018-17961 affects Artifex Ghostscript 9.25 and earlier. It enables sandbox bypass via vectors involving errorhandler setup, saved execution stacks, or the 1Policy operator, potentially allowing code execution or sandbox escape when processing crafted PostScript. The issue is related to an in...
CVE-2018-15911
CVE-2018-15911 affects Artifex Ghostscript 9.23 prior to 2018-08-24. Attackers able to supply crafted PostScript can trigger uninitialized memory access in the aesdecode operator, potentially crashing the interpreter or executing code. Exploitation status is not detailed in the provided documents...
CVE-2018-15909
CVE-2018-15909 affects Artifex Ghostscript 9.23 (pre-2018-08-24). A type confusion in the .shfill PostScript operator can be triggered by specially crafted PostScript data, allowing an attacker to crash the Ghostscript interpreter or potentially execute arbitrary code. The vulnerability is docume...
CVE-2018-18284
Ghostscript 9.25 and earlier is affected by CVE-2018-18284, where the sandbox protection can be bypassed via vectors involving the 1Policy operator. Affected component: Ghostscript interpreter; root cause: sandbox bypass in policy handling. Impact: sandbox escape via crafted PostScript; in the Ar...