Lucene search
K

68 matches found

CVE
CVE
•added 2025/04/26 12:0 a.m.•123 views

CVE-2025-46646

CVE-2025-46646 affects Artifex Ghostscript prior to 10.05.0, where decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encodings. This issue is linked to an incomplete fix for CVE-2024-46954. Affected products include Ghostscript releases before 10.05.0; multiple advisories reference upgrades...

4.5CVSS6.9AI score0.00156EPSS
CVE
CVE
•added 2018/09/06 1:0 p.m.•122 views

CVE-2018-16585

Artifex Ghostscript prior to 9.24 is affected by CVE-2018-16585 where the .setdistillerkeys PostScript command is accepted despite not being intended for document processing. This leads to memory corruption, enabling remote attackers able to supply crafted PostScript to crash the interpreter or p...

7.8CVSS7.3AI score0.01721EPSS
CVE
CVE
•added 2024/11/10 12:0 a.m.•118 views

CVE-2024-46951

CVE-2024-46951 is an issue in Artifex Ghostscript (Pattern color space) where an unchecked Implementation pointer could lead to arbitrary code execution. Connected advisories confirm this affects Ghostscript’s PostScript/PDF interpreter and note a developer-identified fix in ghostpdl-10.04.0, add...

7.8CVSS7.1AI score0.00356EPSS
CVE
CVE
•added 2025/03/25 12:0 a.m.•118 views

CVE-2025-27831

Summary: CVE-2025-27831 affects Ghostscript prior to 10.05.0, with a text buffer/Unicode decoding overrun in the DOCXWRITE TXTWRITE device (vector/doc_common.c). The vulnerability is confirmed by multiple connected sources (e.g., Debian security advisories and vendor advisories) referencing the s...

9.8CVSS7.3AI score0.00579EPSS
CVE
CVE
•added 2025/03/25 12:0 a.m.•116 views

CVE-2025-27836

CVE-2025-27836 affects Ghostscript prior to 10.05.0, with a print buffer overflow in the BJ10V device (contrib/japanese/gdev10v.c). The issue is confirmed in multiple advisories, and a fix was deployed as part of ghostpdl-10.05.0. Connected documents indicate the vulnerability arises from imprope...

9.8CVSS7.4AI score0.00579EPSS
CVE
CVE
•added 2025/03/25 12:0 a.m.•114 views

CVE-2025-27830

Ghostscript vulnerability CVE-2025-27830: a buffer overflow occurs when serializing DollarBlend in fonts, tracked to base/write_t1.c and psi/zfapi.c, in affected Ghostscript releases prior to 10.05.0. Exploitation could lead to denial of service and potentially arbitrary code execution if malform...

7.8CVSS7.4AI score0.00281EPSS
CVE
CVE
•added 2018/09/05 1:0 p.m.•111 views

CVE-2018-16513

CVE-2018-16513 affects Artifex Ghostscript prior to 9.24. A crafted PostScript file can trigger a type confusion in the setcolor function, potentially crashing the Ghostscript interpreter or causing unspecified other impact. Mitigation documented across multiple sources is to upgrade Ghostscript ...

7.8CVSS8AI score0.01501EPSS
CVE
CVE
•added 2024/11/10 12:0 a.m.•109 views

CVE-2024-46953

CVE-2024-46953 concerns Ghostscript before 10.04.0, where an integer overflow while parsing the output filename format string in base/gsdevice.c can cause path truncation, enabling path traversal and potential code execution. Affected: Ghostscript PS/PDF interpreter, notably ghostpdl-10.04.0 and ...

7.8CVSS7.2AI score0.00387EPSS
CVE
CVE
•added 2025/03/25 12:0 a.m.•106 views

CVE-2025-27837

CVE-2025-27837 affects Artifex Ghostscript prior to 10.05.0. A vulnerability in path handling allows access to arbitrary files via a truncated path containing invalid UTF-8 characters in base/gp_mswin.c and base/winrtsup.cpp. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a CRIT...

9.8CVSS7AI score0.00586EPSS
CVE
CVE
•added 2025/05/23 12:0 a.m.•106 views

CVE-2025-48708

The CVE-2025-48708 entry is confirmed to affect Artifex Ghostscript and is not a placeholder. The issue is in gs_lib_ctx_stash_sanitized_arg (base/gslibctx.c) before 10.05.1, where argument sanitization for the # case is missing, allowing a created PDF to include its password in cleartext. Affect...

4CVSS4.4AI score0.00276EPSS
CVE
CVE
•added 2024/07/03 12:0 a.m.•104 views

CVE-2024-29506

Artifex Ghostscript is affected by CVE-2024-29506: Ghostscript before 10.03.0 contains a stack-based buffer overflow in pdfi_apply_filter() triggered by a long PDF filter name. Impact, per available references, includes potential memory corruption with high-severity risk; exploitation details are...

8.8CVSS7.5AI score0.00909EPSS
CVE
CVE
•added 2024/11/10 12:0 a.m.•104 views

CVE-2024-46954

Ghostscript before 10.05.0 is affected by decode_utf8() in base/gp_utf8.c mishandling of overlong UTF-8 encoding, enabling a potential directory traversal (CVE-2024-46954). Connected advisories corroborate the issue exists across multiple Linux distributions and note the fix requires upgrading Gh...

8.4CVSS6.4AI score0.0055EPSS
CVE
CVE
•added 2025/03/25 12:0 a.m.•102 views

CVE-2025-27833

CVE-2025-27833 affects Artifex Ghostscript prior to 10.05.0. A buffer overflow occurs when processing a long TTF font name in pdf/pdf_fmap.c. The CVSS metrics (LOCAL exploit, user interaction required, high impact on confidentiality, integrity, availability) are documented. Remediation is to upgr...

7.8CVSS7.3AI score0.0022EPSS
CVE
CVE
•added 2024/11/10 12:0 a.m.•101 views

CVE-2024-46952

CVE-2024-46952 affects Artifex Ghostscript before 10.04.0. The issue is a buffer overflow in the PDF processing path, specifically in pdf/pdf_xref.c during handling of a PDF XRef stream (related to W array values). The vulnerability is triggered when processing certain PDF cross-reference streams...

8.4CVSS6.9AI score0.00316EPSS
CVE
CVE
•added 2024/11/10 12:0 a.m.•91 views

CVE-2024-46955

CVE-2024-46955 : Ghostscript contains an out-of-bounds read in psi/zcolor.c when reading color in Indexed color space, before version 10.04.0. Impact is a local issue with user interaction required (per CVSS details: AV:L, UI:R, Availability:A:H). The fix is indicated by the ghostpdl-10.04.0 comm...

5.5CVSS6.4AI score0.00296EPSS
CVE
CVE
•added 2025/03/25 12:0 a.m.•91 views

CVE-2025-27834

CVE-2025-27834 affects Artifex Ghostscript prior to 10.05.0. The issue is a buffer overflow triggered by an oversized Type 4 function in a PDF, specifically in pdf/pdf_func.c. Connected sources corroborate the affected component and the root cause (buffer overflow when processing large Type 4 fun...

7.8CVSS7.3AI score0.00255EPSS
CVE
CVE
•added 2024/07/03 12:0 a.m.•89 views

CVE-2024-29507

CVE-2024-29507 affects Artifex Ghostscript prior to 10.03.0. The vulnerability is described in multiple sources as a heap-based pointer disclosure observable in a constructed BaseFont name within pdf_base_font_alloc, in addition to the already noted stack-based issues (CIDFSubstPath/CIDFSubstFont...

5.4CVSS7.7AI score0.00717EPSS
CVE
CVE
•added 2024/07/03 12:0 a.m.•87 views

CVE-2024-29509

CVE-2024-29509 affects Artifex Ghostscript before 10.03.0, where a heap-based overflow occurs when PDFPassword (e.g., for runpdf) contains a embedded NUL byte in the middle. This can lead to corruption or potential code execution as described in public disclosures. The vulnerability is attributed...

8.8CVSS7.2AI score0.01446EPSS
Total number of security vulnerabilities68