68 matches found
CVE-2025-46646
CVE-2025-46646 affects Artifex Ghostscript prior to 10.05.0, where decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encodings. This issue is linked to an incomplete fix for CVE-2024-46954. Affected products include Ghostscript releases before 10.05.0; multiple advisories reference upgrades...
CVE-2018-16585
Artifex Ghostscript prior to 9.24 is affected by CVE-2018-16585 where the .setdistillerkeys PostScript command is accepted despite not being intended for document processing. This leads to memory corruption, enabling remote attackers able to supply crafted PostScript to crash the interpreter or p...
CVE-2024-46951
CVE-2024-46951 is an issue in Artifex Ghostscript (Pattern color space) where an unchecked Implementation pointer could lead to arbitrary code execution. Connected advisories confirm this affects Ghostscript’s PostScript/PDF interpreter and note a developer-identified fix in ghostpdl-10.04.0, add...
CVE-2025-27831
Summary: CVE-2025-27831 affects Ghostscript prior to 10.05.0, with a text buffer/Unicode decoding overrun in the DOCXWRITE TXTWRITE device (vector/doc_common.c). The vulnerability is confirmed by multiple connected sources (e.g., Debian security advisories and vendor advisories) referencing the s...
CVE-2025-27836
CVE-2025-27836 affects Ghostscript prior to 10.05.0, with a print buffer overflow in the BJ10V device (contrib/japanese/gdev10v.c). The issue is confirmed in multiple advisories, and a fix was deployed as part of ghostpdl-10.05.0. Connected documents indicate the vulnerability arises from imprope...
CVE-2025-27830
Ghostscript vulnerability CVE-2025-27830: a buffer overflow occurs when serializing DollarBlend in fonts, tracked to base/write_t1.c and psi/zfapi.c, in affected Ghostscript releases prior to 10.05.0. Exploitation could lead to denial of service and potentially arbitrary code execution if malform...
CVE-2018-16513
CVE-2018-16513 affects Artifex Ghostscript prior to 9.24. A crafted PostScript file can trigger a type confusion in the setcolor function, potentially crashing the Ghostscript interpreter or causing unspecified other impact. Mitigation documented across multiple sources is to upgrade Ghostscript ...
CVE-2024-46953
CVE-2024-46953 concerns Ghostscript before 10.04.0, where an integer overflow while parsing the output filename format string in base/gsdevice.c can cause path truncation, enabling path traversal and potential code execution. Affected: Ghostscript PS/PDF interpreter, notably ghostpdl-10.04.0 and ...
CVE-2025-27837
CVE-2025-27837 affects Artifex Ghostscript prior to 10.05.0. A vulnerability in path handling allows access to arbitrary files via a truncated path containing invalid UTF-8 characters in base/gp_mswin.c and base/winrtsup.cpp. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a CRIT...
CVE-2025-48708
The CVE-2025-48708 entry is confirmed to affect Artifex Ghostscript and is not a placeholder. The issue is in gs_lib_ctx_stash_sanitized_arg (base/gslibctx.c) before 10.05.1, where argument sanitization for the # case is missing, allowing a created PDF to include its password in cleartext. Affect...
CVE-2024-29506
Artifex Ghostscript is affected by CVE-2024-29506: Ghostscript before 10.03.0 contains a stack-based buffer overflow in pdfi_apply_filter() triggered by a long PDF filter name. Impact, per available references, includes potential memory corruption with high-severity risk; exploitation details are...
CVE-2024-46954
Ghostscript before 10.05.0 is affected by decode_utf8() in base/gp_utf8.c mishandling of overlong UTF-8 encoding, enabling a potential directory traversal (CVE-2024-46954). Connected advisories corroborate the issue exists across multiple Linux distributions and note the fix requires upgrading Gh...
CVE-2025-27833
CVE-2025-27833 affects Artifex Ghostscript prior to 10.05.0. A buffer overflow occurs when processing a long TTF font name in pdf/pdf_fmap.c. The CVSS metrics (LOCAL exploit, user interaction required, high impact on confidentiality, integrity, availability) are documented. Remediation is to upgr...
CVE-2024-46952
CVE-2024-46952 affects Artifex Ghostscript before 10.04.0. The issue is a buffer overflow in the PDF processing path, specifically in pdf/pdf_xref.c during handling of a PDF XRef stream (related to W array values). The vulnerability is triggered when processing certain PDF cross-reference streams...
CVE-2024-46955
CVE-2024-46955 : Ghostscript contains an out-of-bounds read in psi/zcolor.c when reading color in Indexed color space, before version 10.04.0. Impact is a local issue with user interaction required (per CVSS details: AV:L, UI:R, Availability:A:H). The fix is indicated by the ghostpdl-10.04.0 comm...
CVE-2025-27834
CVE-2025-27834 affects Artifex Ghostscript prior to 10.05.0. The issue is a buffer overflow triggered by an oversized Type 4 function in a PDF, specifically in pdf/pdf_func.c. Connected sources corroborate the affected component and the root cause (buffer overflow when processing large Type 4 fun...
CVE-2024-29507
CVE-2024-29507 affects Artifex Ghostscript prior to 10.03.0. The vulnerability is described in multiple sources as a heap-based pointer disclosure observable in a constructed BaseFont name within pdf_base_font_alloc, in addition to the already noted stack-based issues (CIDFSubstPath/CIDFSubstFont...
CVE-2024-29509
CVE-2024-29509 affects Artifex Ghostscript before 10.03.0, where a heap-based overflow occurs when PDFPassword (e.g., for runpdf) contains a embedded NUL byte in the middle. This can lead to corruption or potential code execution as described in public disclosures. The vulnerability is attributed...