Ghostscript Security Vulnerabilities and Issues — Ghostscript CVE List

Lucene search

ArtifexGhostscript

9 matches found

cve•added 2023/12/06 8:15 p.m.•868 views

CVE-2023-46751

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.

7.5CVSS7.2AI score0.00111EPSS

cve•added 2023/09/18 8:15 a.m.•677 views

CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be spe...

8.8CVSS8.8AI score0.09902EPSS

cve•added 2023/08/01 5:15 p.m.•518 views

CVE-2023-38559

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.

5.5CVSS6.3AI score0.00013EPSS

cve•added 2023/08/01 5:15 p.m.•265 views

CVE-2023-38560

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.

5.5CVSS5.2AI score0.00018EPSS

cve•added 2023/08/23 1:15 p.m.•165 views

CVE-2023-4042

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.

5.5CVSS6.4AI score0.00483EPSS

cve•added 2023/03/31 5:15 p.m.•162 views

CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tr...

9.8CVSS9.6AI score0.15384EPSS

cve•added 2023/06/25 10:15 p.m.•136 views

CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

7.8CVSS7.7AI score0.0767EPSS

cve•added 2023/08/22 7:16 p.m.•126 views

CVE-2020-21890

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.

7.8CVSS7.3AI score0.01228EPSS

cve•added 2023/08/22 7:16 p.m.•84 views

CVE-2020-21710

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.

5.5CVSS5.3AI score0.00375EPSS