Ghostscript Security Vulnerabilities and Issues — Ghostscript CVE List

Lucene search

ArtifexGhostscript

9 matches found

CVE•added 2017/04/27 1:59 a.m.•1076 views

CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

7.8CVSS7.9AI score0.92482EPSS

CVE•added 2017/04/03 5:59 a.m.•120 views

CVE-2016-10217

The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.

5.5CVSS5.8AI score0.00471EPSS

CVE•added 2017/04/03 5:59 a.m.•120 views

CVE-2017-5951

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

5.5CVSS5.8AI score0.00531EPSS

CVE•added 2017/04/03 8:59 p.m.•100 views

CVE-2016-10317

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

7.8CVSS6.8AI score0.00363EPSS

CVE•added 2017/04/03 5:59 a.m.•86 views

CVE-2016-10219

The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

5.5CVSS5.8AI score0.00935EPSS

CVE•added 2017/04/03 5:59 a.m.•78 views

CVE-2016-10220

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.

5.5CVSS5.8AI score0.00935EPSS

CVE•added 2017/04/14 6:59 p.m.•77 views

CVE-2016-8602

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.

7.8CVSS8.9AI score0.00312EPSS

CVE•added 2017/04/03 5:59 a.m.•55 views

CVE-2016-10218

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

5.5CVSS5.8AI score0.00374EPSS

CVE•added 2017/04/19 2:59 p.m.•47 views

CVE-2017-7948

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.

7.8CVSS7.2AI score0.00226EPSS