Ghostscript Security Vulnerabilities and Issues — Ghostscript CVE List

Lucene search

ArtifexGhostscript

18 matches found

CVE•added 2017/04/27 1:59 a.m.•1073 views

CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.

7.8CVSS7.9AI score0.92482EPSS

CVE•added 2017/03/21 6:59 a.m.•191 views

CVE-2017-7207

The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.

5.5CVSS5.6AI score0.00524EPSS

CVE•added 2017/08/07 8:29 p.m.•142 views

CVE-2016-7976

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.

8.8CVSS8.2AI score0.6807EPSS

CVE•added 2017/05/23 4:29 a.m.•139 views

CVE-2016-7978

Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.

9.8CVSS9.3AI score0.02959EPSS

CVE•added 2017/04/03 5:59 a.m.•120 views

CVE-2016-10217

The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.

5.5CVSS5.8AI score0.00471EPSS

CVE•added 2017/04/03 5:59 a.m.•120 views

CVE-2017-5951

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

5.5CVSS5.8AI score0.00531EPSS

CVE•added 2017/04/03 8:59 p.m.•100 views

CVE-2016-10317

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

7.8CVSS6.8AI score0.00363EPSS

CVE•added 2017/07/26 7:29 p.m.•88 views

CVE-2017-9835

The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer ov...

7.8CVSS6.9AI score0.00356EPSS

CVE•added 2017/04/03 5:59 a.m.•86 views

CVE-2016-10219

The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

5.5CVSS5.8AI score0.00935EPSS

CVE•added 2017/07/28 5:29 a.m.•86 views

CVE-2017-11714

psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_relo...

7.8CVSS6.7AI score0.0032EPSS

CVE•added 2017/07/26 7:29 p.m.•86 views

CVE-2017-9611

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

7.8CVSS7.9AI score0.00376EPSS

CVE•added 2017/05/23 4:29 a.m.•80 views

CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

5.5CVSS7AI score0.01521EPSS

CVE•added 2017/04/03 5:59 a.m.•78 views

CVE-2016-10220

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.

5.5CVSS5.8AI score0.00935EPSS

CVE•added 2017/04/14 6:59 p.m.•77 views

CVE-2016-8602

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.

7.8CVSS8.9AI score0.00312EPSS

CVE•added 2017/05/23 4:29 a.m.•76 views

CVE-2016-7979

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

9.8CVSS9.6AI score0.00828EPSS

CVE•added 2017/04/03 5:59 a.m.•55 views

CVE-2016-10218

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

5.5CVSS5.8AI score0.00374EPSS

CVE•added 2017/05/12 7:29 a.m.•55 views

CVE-2017-8908

The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.

5.5CVSS5.5AI score0.00374EPSS

CVE•added 2017/04/19 2:59 p.m.•46 views

CVE-2017-7948

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.

7.8CVSS7.2AI score0.00226EPSS