Ghostscript Security Vulnerabilities and Issues — Ghostscript CVE List

Lucene search

ArtifexGhostscript

9 matches found

CVE•added 2023/12/06 8:15 p.m.•912 views

CVE-2023-46751

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

7.5CVSS7.2AI score0.00192EPSS

CVE•added 2023/09/18 8:15 a.m.•726 views

CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be spe...

8.8CVSS8.8AI score0.20478EPSS

CVE•added 2023/08/01 5:15 p.m.•563 views

CVE-2023-38559

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

5.5CVSS6.3AI score0.00019EPSS

CVE•added 2023/08/01 5:15 p.m.•313 views

CVE-2023-38560

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.

5.5CVSS5.2AI score0.00019EPSS

CVE•added 2023/08/23 1:15 p.m.•172 views

CVE-2023-4042

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

5.5CVSS6.4AI score0.00651EPSS

CVE•added 2023/03/31 5:15 p.m.•170 views

CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tr...

9.8CVSS9.6AI score0.28629EPSS

CVE•added 2023/06/25 10:15 p.m.•146 views

CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

7.8CVSS7.7AI score0.04524EPSS

CVE•added 2023/08/22 7:16 p.m.•128 views

CVE-2020-21890

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.

7.8CVSS7.3AI score0.00632EPSS

CVE•added 2023/08/22 7:16 p.m.•88 views

CVE-2020-21710

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.

5.5CVSS5.3AI score0.00287EPSS