Ghostscript Security Vulnerabilities and Issues — Ghostscript CVE List

Lucene search

ArtifexGhostscript

3 matches found

CVE•added 2019/11/27 1:15 p.m.•355 views

CVE-2019-10216

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of r...

7.8CVSS7.6AI score0.00526EPSS

CVE•added 2019/11/15 12:15 p.m.•297 views

CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escala...

8.8CVSS8.5AI score0.0027EPSS

CVE•added 2019/11/27 2:15 p.m.•198 views

CVE-2019-14812

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...

7.8CVSS8.8AI score0.00545EPSS