68 matches found
CVE-2024-33869
Artifex Ghostscript
CVE-2017-8291
Summary of CVE-2017-8291 (Ghostscript Type Confusion) : Ghostscript before or on 2017-04-26 allowed bypass of -dSAFER and remote command execution through a type confusion in parsing .eps/.rsdparams, specifically involving the substring "/OutputFile (%pipe%" in a crafted EPS input. In the wild ex...
CVE-2023-38559
CVE-2023-38559 is a Ghostscript vulnerability: a buffer overflow/ out-of-bounds condition in base/gdevdevn.c:1973 (devn_pcx_write_rle()) could allow a local attacker to cause a denial of service by processing a crafted PDF for a DEVN device with gs. The connected advisories confirm the issue and ...
CVE-2024-29510
CVE-2024-29510 affects Ghostscript before 10.03.1, enabling memory corruption and SAFER sandbox bypass via a format string injection in the uniprint device. The issue is addressed in Ghostscript 10.03.1; affected advisories (e.g., ALAS/AL2024 updates) recommend upgrading Ghostscript to mitigate r...
CVE-2024-29511
CVE-2024-29511 affects Artifex Ghostscript before 10.03.1. When Tesseract OCR is used, it allows a directory traversal that reads arbitrary files and can write error messages to arbitrary files via OCRLanguage (e.g., using debug_file /tmp/out and user_patterns_file /etc/passwd). The vulnerability...
CVE-2019-10216
CVE-2019-10216 concerns GPL Ghostscript. The vulnerability is in the .buildfont1 procedure, which did not properly secure privileged calls, allowing a crafted PostScript file to bypass -dSAFER and escalate privileges to access restricted files. Affected: Ghostscript prior to 9.50. Impact: potenti...
CVE-2023-52722
CVE-2023-52722 affects Artifex Ghostscript prior to 10.03.1 where SAFER mode in psi/zmisc1.c can allow eexec seeds outside the Type 1 standard. Connected advisories confirm affected Ghostscript versions and provide remediation guidance: upgrade to Ghostscript 10.03.1 or newer (or applicable patch...
CVE-2024-33871
CVE-2024-33871 affects Artifex Ghostscript prior to 10.03.1. The issue is in contrib/opvp/gdevopvp.c where the Driver parameter for opvp (and oprp) devices can specify an arbitrary dynamic library name, which is then loaded when processing a crafted PostScript document. This allows arbitrary code...
CVE-2024-33870
CVE-2024-33870 affects Artifex Ghostscript up to version 10.03.1. The issue is a path traversal vulnerability in PostScript handling that can reach arbitrary files when the current directory is within permitted paths, e.g., transforming ../../foo to ./../../foo and gaining access if ./ is allowed...
CVE-2018-16509
Ghostscript (Artifex) before 9.25 has an issue where /invalidaccess checks can fail, allowing crafted PostScript to bypass -dSAFER and execute code via the pipe instruction. Several advisories indicate this is a security flaw that could enable remote/unauthenticated code execution in Ghostscript ...
CVE-2019-3839
Ghostscript (Artifex) is affected by CVE-2019-3839: after the CVE-2019-6116 fix, some privileged operators remain accessible from various PostScript contexts, allowing a crafted PostScript file to access the filesystem outside -dSAFER constraints. The issue affects Ghostscript versions before 9.2...
CVE-2019-14811
Summary: Ghostscript before version 9.50 contains sandbox-safety bypasses in multiple procedures, notably the ".pdf_hook_DSC_Creator" path, allowing crafted PostScript to bypass -dSAFER and potentially access the file system or execute commands. Other vulnerable entry points include ".forceput" e...
CVE-2023-28879
CVE-2023-28879 affects Ghostscript (through 10.01.0) with a buffer overflow in base/sbcp.c affecting BCPEncode/BCPDecode/TBCPEncode/TBCPDecode. The issue can corrupt internal PostScript interpreter data when the write buffer is near full and an escaped character is written, potentially causing to...
CVE-2019-3835
CVE-2019-3835 affects Ghostscript prior to 9.27. A specially crafted PostScript file could cause a sandbox escape by abusing the internal superexec operator, allowing access to the filesystem outside -dSAFER. The issue was part of sandbox bypasses tied to various operators and has been fixed upst...
CVE-2019-14817
Ghostscript before version 9.50 is affected by sandbox escape flaws via multiple PostScript procedures, including .pdfexectoken, .pdf_hook_DSC_Creator, setuserparams, and setsystemparams, allowing bypass of -dSAFER and potential file-system access or command execution. Affected versions are befor...
CVE-2019-3838
Ghostscript prior to 9.27 is vulnerable to sandbox escape via crafted PostScript (CVE-2019-3835, CVE-2019-3838). The flaws enable access to the filesystem outside -dSAFER by exploiting the superexec/forceput paths in the internal dictionary. Upstream fixes are in 9.27; Arch Linux advisory recomme...
CVE-2018-16540
Artifex Ghostscript is affected by CVE-2018-16540 (ghostscript before 9.24). The issue is a use-after-free in the PDF14 converter’s copydevice handling that could crash the interpreter or have other unspecified impact when processing crafted PostScript/PDF. Evidence in connected advisories confir...
CVE-2018-19478
Ghostscript (Artifex) vulnerable before 9.26. A carefully crafted PDF can trigger an extremely long-running computation while parsing, potentially causing a denial of service. CVE-2018-19478. The connected sources indicate the issue exists in Ghostscript 9.25 and earlier; remediation is to upgrad...
CVE-2018-19409
Ghostscript advisory CVE-2018-19409 affects Artifex Ghostscript prior to 9.26, where LockSafetyParams is not checked correctly if another device is used. This is part of several post-2018 vulnerabilities in Ghostscript; Red Hat/CentOS and Debian/LTS advisories indicate that fixes were released in...
CVE-2018-19475
CVE-2018-19475 affects Artifex Ghostscript prior to 9.26. The root cause is that psi/zdevice2.c fails to check available stack space when the device remains the same, allowing remote attackers to bypass intended access restrictions. The issue is reported as a remote-access/bypass vulnerability in...
CVE-2018-17183
CVE-2018-17183 affects Artifex Ghostscript up to version 9.25. Affected component: error handling structures in Ghostscript’s execution path. Root cause: a user-writable error exception table could be abused by remote attackers that supply crafted PostScript, potentially overwriting or replacing ...
CVE-2018-15910
Artifex Ghostscript before 9.24 is affected by a type confusion in the LockDistillerParams parameter that can be triggered by crafted PostScript, potentially crashing the interpreter or enabling code execution. This CVE (CVE-2018-15910) is corroborated across multiple sources (vendor advisories a...
CVE-2023-4042
Ghostscript is the affected component. CVE-2023-4042 denotes an incomplete fix for CVE-2020-16305 in Ghostscript as shipped with Red Hat Enterprise Linux 8, with Red Hat advisories noting the fix was not included as claimed. Published connections from AlmaLinux and Amazon Linux advisories frame C...
CVE-2018-19477
CVE-2018-19477 relates to Artifex Ghostscript prior to 9.26, where a JBIG2Decode type confusion in psi/zfjbig2.c allows remote attackers to bypass access restrictions by sending specially crafted input. Public disclosures in multiple sources (e.g., Debian/Red Hat advisories, IBM PowerKVM bulletin...
CVE-2018-19476
Artifex Ghostscript before 9.26 contains a setcolorspace type confusion in psi/zicc.c that lets remote attackers bypass access restrictions. Affected: Ghostscript versions prior to 9.26 (e.g., 9.25 and earlier per advisories). Impact per sources ranges from information disclosure to potential cod...
CVE-2018-17961
CVE-2018-17961 affects Artifex Ghostscript 9.25 and earlier. It enables sandbox bypass via vectors involving errorhandler setup, saved execution stacks, or the 1Policy operator, potentially allowing code execution or sandbox escape when processing crafted PostScript. The issue is related to an in...
CVE-2024-29508
CVE-2024-29508 affects Artifex Ghostscript prior to 10.03.0. The issue is a heap-based pointer disclosure observable in a constructed BaseFont name, in the function pdf_base_font_alloc. Documents consistently describe this Ghostscript vulnerability as enabling information leakage. The CVSSv3.1 ve...
CVE-2020-16293
Ghostscript CVE-2020-16293 is a null pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() (base/gxblend.c) in Ghostscript v9.50 that can cause a denial-of-service when processing a crafted PDF. The issue is corrected in Ghostscript v9.51. Affected product: Ghostscri...
CVE-2020-16298
CVE-2020-16298 is a Ghostscript vulnerability affecting version 9.50 where a buffer overflow in the function mj_color_correct() (contrib/japanese/gdevmjc.c) could allow a remote attacker to cause a denial of service via a crafted PDF file. The issue is addressed in Ghostscript v9.51. Connected do...
CVE-2020-16301
CVE-2020-16301 affects Artifex Software Ghostscript v9.50. A buffer overflow in the function okiibm_print_page1() (devices/gdevokii.c) could allow a remote attacker to cause a denial of service via a crafted PDF file. The vulnerability is explicitly fixed in Ghostscript 9.51. The available connec...
CVE-2018-16802
Artifex Ghostscript prior to 9.25 is affected by CVE-2018-16802: incorrect “restoration of privilege” checking when stack overflows during exception handling could allow code execution via crafted PostScript using the pipe operator. This stems from an incomplete fix for CVE-2018-16509. The issue ...
CVE-2020-16287
Ghostscript v9.50 is affected by a buffer overflow in lprn_is_black() (contrib/lips4/gdevlprn.c) that could allow a remote attacker to cause a denial of service via a crafted PDF. The issue is fixed in Ghostscript v9.51. Suggested action: upgrade to 9.51 or later. CVSS data present in the provide...
CVE-2018-16543
CVE-2018-16543 affects Ghostscript. In versions prior to 9.24, the functions gssetresolution and gsgetresolution could be exploited to cause an unspecified impact. Public advisories in the connected set (EulerOS, openSUSE/SUSE/SUSE-like updates) confirm the issue and show a remediation path: upgr...
CVE-2020-16294
The CVE-2020-16294 vulnerability is a buffer overflow in Ghostscript v9.50 affecting epsc_print_page() in devices/gdevepsc.c, exploitable via a crafted PDF to cause a denial of service. The issue is fixed in Ghostscript v9.51; remediation is to upgrade to at least 9.51. The connected sources (e.g...
CVE-2020-16289
CVE-2020-16289 describes a buffer overflow in Ghostscript 9.50, specifically in cif_print_page() within devices/gdevcif.c, which could allow a remote attacker to cause a denial of service by processing a crafted PDF. The issue is fixed in Ghostscript 9.51. Affected product: Artifex Software Ghost...
CVE-2020-16295
Ghostscript v9.50 contains a null pointer dereference in clj_media_size() (devices/gdevclj.c) that allows remote attackers to cause a denial of service via crafted PDF files. The issue affects Artifex Ghostscript 9.50 and is fixed in version 9.51. Mitigation: upgrade to 9.51 or newer. The CVE is ...
CVE-2020-16308
CVE-2020-16308 affects Artifex Software Ghostscript v9.50, with a vulnerability in p_print_image() in devices/gdevcdj.c that could allow a remote attacker to cause a denial-of-service via a crafted PDF file. The issue is mitigated by upgrading to Ghostscript v9.51, which contains the fix. Referen...
CVE-2018-16541
Ghostscript before 9.24 is affected by CVE-2018-16541 due to incorrect free logic in pagedevice replacement when processing crafted PostScript files, which can crash the interpreter. Affected products in public advisories include Ghostscript packages across several distributions (e.g., CentOS 7, ...
CVE-2018-16542
CVE-2018-16542 affects Artifex Ghostscript prior to 9.24. An attacker could craft PostScript to trigger insufficient interpreter stack-size checking during error handling, potentially crashing the Ghostscript interpreter (denial of service). Some connected sources also describe a stack-based out-...
CVE-2020-16292
Ghostscript v9.50 contains a buffer overflow in mj_raster_cmd() (contrib/japanese/gdevmjc.c) that can be triggered by processing a crafted PDF, allowing a remote attacker to cause a denial of service. The issue is fixed in Ghostscript v9.51. Affected product: Artifex Ghostscript; vulnerable compo...
CVE-2020-16290
CVE-2020-16290 describes a buffer overflow in Artifex Ghostscript (Ghostscript v9.50) specifically in jetp3852_print_page() within devices/gdev3852.c. Exploitation could allow a remote attacker to cause a denial of service by processing a crafted PDF file. The vulnerability was fixed in Ghostscri...
CVE-2020-16288
Ghostscript (Artifex) CVE-2020-16288 affects the 9.50 release. The vulnerability is a buffer overflow in pj_common_print_page() within devices/gdevpjet.c, exploitable by processing a crafted PDF file and capable of causing a denial of service. The issue is fixed in Ghostscript 9.51 (upgrade recom...
CVE-2018-16511
Artifex Ghostscript (pre-9.24) is vulnerable to a type confusion in ztype that remote attackers can exploit via crafted PostScript to crash the interpreter (possible other impact). The CVE entry for CVE-2018-16511 is supported by multiple advisories; remediation is to update Ghostscript to a newe...
CVE-2020-16300
Ghostscript 9.50 contains a buffer overflow in tiff12_print_page() (devices/gdevtfnx.c) that can be triggered by a crafted PDF file, allowing a remote attacker to cause denial of service. The issue is fixed in Ghostscript 9.51. Affected product: Artifex Ghostscript. Root cause: a buffer overflow ...
CVE-2018-16510
CVE-2018-16510 refers to Ghostscript before 9.24, where an issue in the PDF primitives CS and SC incorrectly handled the exec stack. This could allow remote attackers to crash the interpreter or cause unspecified other impact by supplying crafted PDFs. The connected advisories confirm remediation...
CVE-2020-16299
Ghostscript vulnerability CVE-2020-16299: A Division by Zero in bj10v_print_page() (contrib/japanese/gdev10v.c) of Artifex Ghostscript v9.50 can cause a denial of service via a crafted PDF. Affects Ghostscript 9.50; fixed in v9.51. Remediation is to upgrade to 9.51 or later. No exploit details ar...
CVE-2025-27835
CVE-2025-27835 affects Ghostscript prior to 10.05.0. The issue is a buffer overflow that occurs when converting glyphs to Unicode in the code path psi/zbfont.c, caused by a mismatch in how data is copied (bytes vs. shorts). The vulnerability concerns the Ghostscript PostScript/PDF interpreter and...
CVE-2018-16539
CVE-2018-16539 affects Artifex Ghostscript (prior to 9.24). A crafted PostScript file could bypass access checks in temp file handling, allowing disclosure of files on the system. Multiple advisories (Debian, Red Hat/CentOS, Gentoo, Fedora, IBM PowerKVM, Amazon Linux) document this vulnerability ...
CVE-2024-46956
CVE-2024-46956 affects Artifex Ghostscript (psi/zfile.c) with an out-of-bounds data access in filenameforall that can lead to arbitrary code execution on Ghostscript versions up to 10.04.0. Connected advisories confirm this vulnerability and provide patch guidance; mitigation is to update Ghostsc...
CVE-2025-27832
The CVE-2025-27832 issue affects Ghostscript prior to 10.05.0, specifically the NPDL device’s Compression buffer in contrib/japanese/gdevnpdl.c, which leads to a buffer/integer overflow. Public reports from multiple sources (e.g., ALAS/Amazon Linux advisories and Astra Linux bulletin) confirm the...