Lucene search
+L
ArtifexGhostscript

129 matches found

CVE
CVE
added 2020/08/13 2:8 a.m.179 views

CVE-2020-16298

CVE-2020-16298 is a Ghostscript vulnerability affecting version 9.50 where a buffer overflow in the function mj_color_correct() (contrib/japanese/gdevmjc.c) could allow a remote attacker to cause a denial of service via a crafted PDF file. The issue is addressed in Ghostscript v9.51. Connected do...

5.5CVSS5.9AI score0.01988EPSS
CVE
CVE
added 2020/08/13 2:9 a.m.179 views

CVE-2020-16304

Ghostscript (Artifex) v9.18–v9.50 contains a buffer overflow in image_render_color_thresh() in base/gxicolor.c that could allow a remote attacker to escalate privileges via a crafted EPS file. The issue is addressed in v9.51. Connected sources corroborate the vulnerability in Ghostscript and refe...

5.5CVSS6.4AI score0.01931EPSS
CVE
CVE
added 2024/07/03 12:0 a.m.179 views

CVE-2024-29508

CVE-2024-29508 affects Artifex Ghostscript prior to 10.03.0. The issue is a heap-based pointer disclosure observable in a constructed BaseFont name, in the function pdf_base_font_alloc. Documents consistently describe this Ghostscript vulnerability as enabling information leakage. The CVSSv3.1 ve...

3.3CVSS6.5AI score0.00375EPSS
CVE
CVE
added 2018/08/27 5:0 p.m.178 views

CVE-2018-15909

CVE-2018-15909 affects Artifex Ghostscript 9.23 (pre-2018-08-24). A type confusion in the .shfill PostScript operator can be triggered by specially crafted PostScript data, allowing an attacker to crash the Ghostscript interpreter or potentially execute arbitrary code. The vulnerability is docume...

7.8CVSS6.6AI score0.03019EPSS
CVE
CVE
added 2018/08/28 4:0 a.m.178 views

CVE-2018-15911

CVE-2018-15911 affects Artifex Ghostscript 9.23 prior to 2018-08-24. Attackers able to supply crafted PostScript can trigger uninitialized memory access in the aesdecode operator, potentially crashing the interpreter or executing code. Exploitation status is not detailed in the provided documents...

7.8CVSS6.7AI score0.03037EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.177 views

CVE-2020-16301

CVE-2020-16301 affects Artifex Software Ghostscript v9.50. A buffer overflow in the function okiibm_print_page1() (devices/gdevokii.c) could allow a remote attacker to cause a denial of service via a crafted PDF file. The vulnerability is explicitly fixed in Ghostscript 9.51. The available connec...

5.5CVSS5.9AI score0.0191EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.175 views

CVE-2020-16291

Ghostscript vulnerability CVE-2020-16291 is a buffer overflow in contrib/gdevdj9.c affecting Ghostscript versions 9.18 through 9.50, which can cause a denial of service when processing a crafted PDF. The issue is fixed in Ghostscript 9.51. Affected users should upgrade to >= 9.51 to mitigate t...

5.5CVSS6.1AI score0.02258EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.175 views

CVE-2020-16297

CVE-2020-16297 describes a buffer overflow in Ghostscript: FloydSteinbergDitheringC() in contrib/gdevbjca.c affects Ghostscript 9.18–9.50 and can allow a remote attacker to cause a denial of service via a crafted PDF file. The issue is fixed in Ghostscript v9.51. Affected products and exact compo...

5.5CVSS6.1AI score0.02258EPSS
CVE
CVE
added 2020/08/13 2:9 a.m.175 views

CVE-2020-16307

Ghostscript (Artifex) vulnerable in version 9.50 due to a null pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c, which could allow a remote attacker to cause a denial of service via a crafted PostScript file. The issue is mitigated by upgrading to version 9.51 (as reported by CVE...

5.5CVSS5.7AI score0.01775EPSS
CVE
CVE
added 2020/09/03 5:54 p.m.174 views

CVE-2020-14373

CVE-2020-14373 involves a use-after-free in igc_reloc_struct_ptr() (psi/igc.c) of Ghostscript, reported in version 9.25. A local attacker could craft a PDF to trigger a denial of service. The available documents confirm the root cause location and impact (DoS) but do not provide published exploit...

5.5CVSS5.9AI score0.00453EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.172 views

CVE-2016-7978

GBGhostscript CVE-2016-7978 is a use-after-free caused by a reference leak in .setdevice, enabling remote code execution. The IBM PowerKVM bulletin confirms Ghostscript-related fixes and states PowerKVM 2.1/3.1 are affected, with remediation via updates: PowerKVM 3.1.0.2 update 5 or later (and 2....

9.8CVSS9.3AI score0.05527EPSS
CVE
CVE
added 2020/08/13 2:10 a.m.172 views

CVE-2020-17538

Ghostscript vulnerability CVE-2020-17538: a buffer overflow in GetNumSameData() within contrib/lips4/gdevlips.c affects Ghostscript versions 9.18–9.50 and can cause a denial of service when processing crafted PDFs. The issue is fixed in v9.51; affected users should upgrade to Ghostscript 9.51 or ...

5.5CVSS6.1AI score0.01931EPSS
CVE
CVE
added 2020/08/13 2:9 a.m.169 views

CVE-2020-16303

CVE-2020-16303 : A use-after-free in xps_finish_image_path() (devices/vector/gdevxps.c) of Artifex Software GhostScript v9.50 can let a remote attacker escalate privileges via a crafted PDF. The issue is fixed in Ghostscript v9.51. Affected product: Ghostscript (Artifex). Remediation: upgrade to ...

7.8CVSS7.3AI score0.01793EPSS
CVE
CVE
added 2018/09/10 4:0 p.m.168 views

CVE-2018-16802

Artifex Ghostscript prior to 9.25 is affected by CVE-2018-16802: incorrect “restoration of privilege” checking when stack overflows during exception handling could allow code execution via crafted PostScript using the pipe operator. This stems from an incomplete fix for CVE-2018-16509. The issue ...

7.8CVSS7.3AI score0.02159EPSS
CVE
CVE
added 2022/04/25 3:29 a.m.167 views

CVE-2019-25059

CVE-2019-25059 affects Artifex Ghostscript (through 9.26) with a mishandling of .completefont, noted as stemming from an incomplete fix for CVE-2019-3839. Connected advisories/tracker data indicate a remediation via Ghostscript package updates (e.g., Debian’s 9.26+ and vendor advisories urging up...

7.8CVSS7.9AI score0.0112EPSS
CVE
CVE
added 2022/08/19 10:46 p.m.167 views

CVE-2020-27792

CVE-2020-27792 is a heap-based buffer overflow in Ghostscript affecting the lp8000_print_page() path (gdevlp8k.c). The flaw can be triggered by a crafted PDF, potentially causing memory corruption or a denial of service. The vulnerability is cited across multiple advisories (Ghostscript/GhostPDL)...

7.1CVSS7AI score0.00437EPSS
CVE
CVE
added 2020/08/13 2:7 a.m.166 views

CVE-2020-16287

Ghostscript v9.50 is affected by a buffer overflow in lprn_is_black() (contrib/lips4/gdevlprn.c) that could allow a remote attacker to cause a denial of service via a crafted PDF. The issue is fixed in Ghostscript v9.51. Suggested action: upgrade to 9.51 or later. CVSS data present in the provide...

5.5CVSS5.9AI score0.0187EPSS
CVE
CVE
added 2018/09/05 6:0 p.m.163 views

CVE-2018-16543

CVE-2018-16543 affects Ghostscript. In versions prior to 9.24, the functions gssetresolution and gsgetresolution could be exploited to cause an unspecified impact. Public advisories in the connected set (EulerOS, openSUSE/SUSE/SUSE-like updates) confirm the issue and show a remediation path: upgr...

7.8CVSS6.5AI score0.01274EPSS
CVE
CVE
added 2020/08/13 2:9 a.m.162 views

CVE-2020-16309

CVE-2020-16309 : Ghostscript v9.50 contains a buffer overflow in lxm5700m_print_page() (devices/gdevlxm.c) that can be exploited remotely via a crafted EPS file to cause a DoS. Root cause: bounds-check failure in that printer/page rendering path. A fix is available in Ghostscript v9.51; upgrade t...

5.5CVSS5.9AI score0.0187EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.161 views

CVE-2020-16294

The CVE-2020-16294 vulnerability is a buffer overflow in Ghostscript v9.50 affecting epsc_print_page() in devices/gdevepsc.c, exploitable via a crafted PDF to cause a denial of service. The issue is fixed in Ghostscript v9.51; remediation is to upgrade to at least 9.51. The connected sources (e.g...

5.5CVSS5.9AI score0.0187EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.159 views

CVE-2020-16295

Ghostscript v9.50 contains a null pointer dereference in clj_media_size() (devices/gdevclj.c) that allows remote attackers to cause a denial of service via crafted PDF files. The issue affects Artifex Ghostscript 9.50 and is fixed in version 9.51. Mitigation: upgrade to 9.51 or newer. The CVE is ...

5.5CVSS5.7AI score0.01775EPSS
CVE
CVE
added 2020/08/13 2:9 a.m.159 views

CVE-2020-16308

CVE-2020-16308 affects Artifex Software Ghostscript v9.50, with a vulnerability in p_print_image() in devices/gdevcdj.c that could allow a remote attacker to cause a denial-of-service via a crafted PDF file. The issue is mitigated by upgrading to Ghostscript v9.51, which contains the fix. Referen...

5.5CVSS5.9AI score0.0187EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.158 views

CVE-2016-7976

CVE-2016-7976 concerns Ghostscript’s PS Interpreter. The initial document states that Ghostscript versions 9.18 and 9.20 are affected, and that a remote attacker can execute arbitrary code via crafted userparams. Connected sources reiterate the same CVE across multiple advisories and Nessus plugi...

8.8CVSS8.2AI score0.23453EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.158 views

CVE-2020-16296

Ghostscript (Artifex) vulnerable in GetNumWrongData() within contrib/lips4/gdevlips.c across versions 9.18–9.50; exploitable by processing a crafted PDF file, resulting in denial of service. The issue is confirmed fixed in v9.51. Affected releases and fixes are corroborated across multiple source...

5.5CVSS6.1AI score0.02053EPSS
CVE
CVE
added 2018/09/05 6:0 p.m.157 views

CVE-2018-16541

Ghostscript before 9.24 is affected by CVE-2018-16541 due to incorrect free logic in pagedevice replacement when processing crafted PostScript files, which can crash the interpreter. Affected products in public advisories include Ghostscript packages across several distributions (e.g., CentOS 7, ...

5.5CVSS6.2AI score0.01412EPSS
CVE
CVE
added 2020/08/13 2:7 a.m.157 views

CVE-2020-16289

CVE-2020-16289 describes a buffer overflow in Ghostscript 9.50, specifically in cif_print_page() within devices/gdevcif.c, which could allow a remote attacker to cause a denial of service by processing a crafted PDF. The issue is fixed in Ghostscript 9.51. Affected product: Artifex Software Ghost...

5.5CVSS5.9AI score0.01988EPSS
CVE
CVE
added 2020/08/13 2:9 a.m.155 views

CVE-2020-16306

Ghostscript v9.50 is affected by a NULL pointer dereference in devices/gdevtsep.c that allows remote denial-of-service via a crafted PostScript file. The issue is fixed in Ghostscript 9.51. Affected products and impact are described in CVE-2020-16306 entries across multiple advisories (e.g., Debi...

5.5CVSS5.7AI score0.01775EPSS
CVE
CVE
added 2020/08/13 2:9 a.m.154 views

CVE-2020-16302

Ghostscript 9.50 contains a buffer overflow in jetp3852_print_page() (devices/gdev3852.c) that could let a remote attacker escalate privileges via a crafted PDF. The issue is fixed in Ghostscript 9.51. Connected sources (CVE-2020-16302) corroborate the flaw and its remediation across distribution...

5.5CVSS6.2AI score0.0187EPSS
CVE
CVE
added 2018/09/05 6:0 p.m.149 views

CVE-2018-16542

CVE-2018-16542 affects Artifex Ghostscript prior to 9.24. An attacker could craft PostScript to trigger insufficient interpreter stack-size checking during error handling, potentially crashing the Ghostscript interpreter (denial of service). Some connected sources also describe a stack-based out-...

5.5CVSS6AI score0.01908EPSS
CVE
CVE
added 2020/08/13 2:7 a.m.149 views

CVE-2020-16290

CVE-2020-16290 describes a buffer overflow in Artifex Ghostscript (Ghostscript v9.50) specifically in jetp3852_print_page() within devices/gdev3852.c. Exploitation could allow a remote attacker to cause a denial of service by processing a crafted PDF file. The vulnerability was fixed in Ghostscri...

5.5CVSS5.9AI score0.01988EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.149 views

CVE-2020-16292

Ghostscript v9.50 contains a buffer overflow in mj_raster_cmd() (contrib/japanese/gdevmjc.c) that can be triggered by processing a crafted PDF, allowing a remote attacker to cause a denial of service. The issue is fixed in Ghostscript v9.51. Affected product: Artifex Ghostscript; vulnerable compo...

5.5CVSS5.9AI score0.01988EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.149 views

CVE-2020-21890

CVE-2020-21890 is a buffer overflow in Ghostscript 9.50 (function clj_media_size in devices/gdevclj.c) that can be triggered by opening crafted PDFs, leading to denial of service or other unspecified impact. Public references confirm Ghostscript versions around 9.50 are affected; remediation note...

7.8CVSS7.3AI score0.00707EPSS
CVE
CVE
added 2021/12/31 11:56 p.m.149 views

CVE-2021-45944

CVE-2021-45944 affects Ghostscript GhostPDL versions 9.50–9.53.3, with a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). The vulnerability is described in the connected Astra/NVD entries for Ghostscript; the root cause is a use-after-free in the sampled_data_...

5.5CVSS5.5AI score0.0136EPSS
CVE
CVE
added 2018/09/05 6:0 a.m.148 views

CVE-2018-16511

Artifex Ghostscript (pre-9.24) is vulnerable to a type confusion in ztype that remote attackers can exploit via crafted PostScript to crash the interpreter (possible other impact). The CVE entry for CVE-2018-16511 is supported by multiple advisories; remediation is to update Ghostscript to a newe...

7.8CVSS7.1AI score0.01938EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.148 views

CVE-2020-16300

Ghostscript 9.50 contains a buffer overflow in tiff12_print_page() (devices/gdevtfnx.c) that can be triggered by a crafted PDF file, allowing a remote attacker to cause denial of service. The issue is fixed in Ghostscript 9.51. Affected product: Artifex Ghostscript. Root cause: a buffer overflow ...

5.5CVSS5.9AI score0.01988EPSS
CVE
CVE
added 2020/08/13 2:7 a.m.147 views

CVE-2020-16288

Ghostscript (Artifex) CVE-2020-16288 affects the 9.50 release. The vulnerability is a buffer overflow in pj_common_print_page() within devices/gdevpjet.c, exploitable by processing a crafted PDF file and capable of causing a denial of service. The issue is fixed in Ghostscript 9.51 (upgrade recom...

5.5CVSS5.9AI score0.01988EPSS
CVE
CVE
added 2020/08/13 2:8 a.m.144 views

CVE-2020-16299

Ghostscript vulnerability CVE-2020-16299: A Division by Zero in bj10v_print_page() (contrib/japanese/gdev10v.c) of Artifex Ghostscript v9.50 can cause a denial of service via a crafted PDF. Affects Ghostscript 9.50; fixed in v9.51. Remediation is to upgrade to 9.51 or later. No exploit details ar...

5.5CVSS5.7AI score0.01833EPSS
CVE
CVE
added 2022/06/16 12:0 a.m.143 views

CVE-2022-2085

CVE-2022-2085 is a NULL pointer dereference in Ghostscript triggered when rendering a large number of bits; for bpp > 64, mem_x_device is used and init_device_procs is missing, causing crashes. The issue affects various Ghostscript deployments (e.g., Artifex Ghostscript and GPL Ghostscript) an...

5.5CVSS5.5AI score0.014EPSS
CVE
CVE
added 2018/09/05 6:0 a.m.142 views

CVE-2018-16510

CVE-2018-16510 refers to Ghostscript before 9.24, where an issue in the PDF primitives CS and SC incorrectly handled the exec stack. This could allow remote attackers to crash the interpreter or cause unspecified other impact by supplying crafted PDFs. The connected advisories confirm remediation...

7.8CVSS7.9AI score0.01745EPSS
CVE
CVE
added 2017/04/03 5:44 a.m.140 views

CVE-2017-5951

CVE-2017-5951 is a vulnerability in Artifex Ghostscript 9.20 where mem_get_bits_rectangle in base/gdevmem.c could cause a NULL pointer dereference and crash the application when processing a crafted file. This is a remote-denial-of-service/ crash scenario reported in the provided sources; no expl...

5.5CVSS5.8AI score0.01852EPSS
CVE
CVE
added 2018/09/05 6:0 p.m.140 views

CVE-2018-16539

CVE-2018-16539 affects Artifex Ghostscript (prior to 9.24). A crafted PostScript file could bypass access checks in temp file handling, allowing disclosure of files on the system. Multiple advisories (Debian, Red Hat/CentOS, Gentoo, Fedora, IBM PowerKVM, Amazon Linux) document this vulnerability ...

5.5CVSS6AI score0.01445EPSS
CVE
CVE
added 2021/12/31 11:54 p.m.140 views

CVE-2021-45949

CVE-2021-45949 affects Ghostscript GhostPDL 9.50 through 9.54.0. The vulnerability is a heap-based buffer overflow in the function sampled_data_finish, which is called from sampled_data_continue and interp. This is the specific flaw described in the provided documents. The vulnerability is associ...

5.5CVSS5.7AI score0.01401EPSS
CVE
CVE
added 2025/03/25 12:0 a.m.139 views

CVE-2025-27835

CVE-2025-27835 affects Ghostscript prior to 10.05.0. The issue is a buffer overflow that occurs when converting glyphs to Unicode in the code path psi/zbfont.c, caused by a mismatch in how data is copied (bytes vs. shorts). The vulnerability concerns the Ghostscript PostScript/PDF interpreter and...

7.8CVSS7.3AI score0.00288EPSS
CVE
CVE
added 2017/04/03 5:44 a.m.138 views

CVE-2016-10217

CVE-2016-10217 (Ghostscript 9.20): The pdf14_open function in base/gdevp14.c is vulnerable to a use-after-free via a crafted PostScript/PDF in the color management path, allowing remote denial of service (crash). The provided documents do not specify a vendor patch or remediation for this CVE. Mo...

5.5CVSS5.8AI score0.01459EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.132 views

CVE-2024-46956

CVE-2024-46956 affects Artifex Ghostscript (psi/zfile.c) with an out-of-bounds data access in filenameforall that can lead to arbitrary code execution on Ghostscript versions up to 10.04.0. Connected advisories confirm this vulnerability and provide patch guidance; mitigation is to update Ghostsc...

7.8CVSS7.2AI score0.00388EPSS
CVE
CVE
added 2025/03/25 12:0 a.m.128 views

CVE-2025-27832

The CVE-2025-27832 issue affects Ghostscript prior to 10.05.0, specifically the NPDL device’s Compression buffer in contrib/japanese/gdevnpdl.c, which leads to a buffer/integer overflow. Public reports from multiple sources (e.g., ALAS/Amazon Linux advisories and Astra Linux bulletin) confirm the...

9.8CVSS7.4AI score0.00806EPSS
CVE
CVE
added 2025/04/26 12:0 a.m.125 views

CVE-2025-46646

CVE-2025-46646 affects Artifex Ghostscript prior to 10.05.0, where decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encodings. This issue is linked to an incomplete fix for CVE-2024-46954. Affected products include Ghostscript releases before 10.05.0; multiple advisories reference upgrades...

4.5CVSS6.9AI score0.00156EPSS
CVE
CVE
added 2018/09/06 1:0 p.m.122 views

CVE-2018-16585

Artifex Ghostscript prior to 9.24 is affected by CVE-2018-16585 where the .setdistillerkeys PostScript command is accepted despite not being intended for document processing. This leads to memory corruption, enabling remote attackers able to supply crafted PostScript to crash the interpreter or p...

7.8CVSS7.3AI score0.01721EPSS
CVE
CVE
added 2024/11/10 12:0 a.m.120 views

CVE-2024-46951

CVE-2024-46951 is an issue in Artifex Ghostscript (Pattern color space) where an unchecked Implementation pointer could lead to arbitrary code execution. Connected advisories confirm this affects Ghostscript’s PostScript/PDF interpreter and note a developer-identified fix in ghostpdl-10.04.0, add...

7.8CVSS7.1AI score0.00356EPSS
CVE
CVE
added 2025/03/25 12:0 a.m.119 views

CVE-2025-27831

Summary: CVE-2025-27831 affects Ghostscript prior to 10.05.0, with a text buffer/Unicode decoding overrun in the DOCXWRITE TXTWRITE device (vector/doc_common.c). The vulnerability is confirmed by multiple connected sources (e.g., Debian security advisories and vendor advisories) referencing the s...

9.8CVSS7.3AI score0.00579EPSS
Total number of security vulnerabilities129