Lucene search
K
ArtifexGpl Ghostscript

16 matches found

CVE
CVE
added 2013/11/15 8:0 p.m.16208 views

CVE-2013-6629

The CVE-2013-6629 issue affects libjpeg 6b and libjpeg-turbo up to 1.3.0, used by Chrome prior to 31.0.1650.48, Ghostscript, and other products. The vulnerability arises in get_sos() in jdmarker.c, which does not properly validate certain duplications of component data after SOS JPEG markers, all...

5CVSS6.1AI score0.10117EPSS
CVE
CVE
added 2018/09/05 6:0 a.m.300 views

CVE-2018-16509

Ghostscript (Artifex) before 9.25 has an issue where /invalidaccess checks can fail, allowing crafted PostScript to bypass -dSAFER and execute code via the pipe instruction. Several advisories indicate this is a security flaw that could enable remote/unauthenticated code execution in Ghostscript ...

9.3CVSS7.2AI score0.92499EPSS
CVE
CVE
added 2018/08/27 5:0 p.m.200 views

CVE-2018-15910

Artifex Ghostscript before 9.24 is affected by a type confusion in the LockDistillerParams parameter that can be triggered by crafted PostScript, potentially crashing the interpreter or enabling code execution. This CVE (CVE-2018-15910) is corroborated across multiple sources (vendor advisories a...

7.8CVSS6.7AI score0.03037EPSS
CVE
CVE
added 2018/10/19 10:0 p.m.178 views

CVE-2018-18284

Ghostscript 9.25 and earlier is affected by CVE-2018-18284, where the sandbox protection can be bypassed via vectors involving the 1Policy operator. Affected component: Ghostscript interpreter; root cause: sandbox bypass in policy handling. Impact: sandbox escape via crafted PostScript; in the Ar...

8.6CVSS6.3AI score0.16288EPSS
CVE
CVE
added 2018/08/27 5:0 p.m.177 views

CVE-2018-15909

CVE-2018-15909 affects Artifex Ghostscript 9.23 (pre-2018-08-24). A type confusion in the .shfill PostScript operator can be triggered by specially crafted PostScript data, allowing an attacker to crash the Ghostscript interpreter or potentially execute arbitrary code. The vulnerability is docume...

7.8CVSS6.6AI score0.03019EPSS
CVE
CVE
added 2018/08/28 4:0 a.m.177 views

CVE-2018-15911

CVE-2018-15911 affects Artifex Ghostscript 9.23 prior to 2018-08-24. Attackers able to supply crafted PostScript can trigger uninitialized memory access in the aesdecode operator, potentially crashing the interpreter or executing code. Exploitation status is not detailed in the provided documents...

7.8CVSS6.7AI score0.03037EPSS
CVE
CVE
added 2018/09/05 6:0 a.m.141 views

CVE-2018-16510

CVE-2018-16510 refers to Ghostscript before 9.24, where an issue in the PDF primitives CS and SC incorrectly handled the exec stack. This could allow remote attackers to crash the interpreter or cause unspecified other impact by supplying crafted PDFs. The connected advisories confirm remediation...

7.8CVSS7.9AI score0.01745EPSS
CVE
CVE
added 2010/07/22 1:0 a.m.122 views

CVE-2009-4897

Ghostscript (GPL Ghostscript) contains CVE-2009-4897: a buffer overflow in gs/psi/iscan.c can be triggered by a crafted PDF with a long name, enabling remote code execution or memory corruption. Affected: Ghostscript 8.64 and earlier. Exploitation via crafted PDFs; memory corruption could lead to...

9.3CVSS7.8AI score0.06629EPSS
CVE
CVE
added 2018/09/05 1:0 p.m.111 views

CVE-2018-16513

CVE-2018-16513 affects Artifex Ghostscript prior to 9.24. A crafted PostScript file can trigger a type confusion in the setcolor function, potentially crashing the Ghostscript interpreter or causing unspecified other impact. Mitigation documented across multiple sources is to upgrade Ghostscript ...

7.8CVSS8AI score0.01501EPSS
CVE
CVE
added 2018/04/23 9:0 p.m.109 views

CVE-2016-9601

CVE-2016-9601 : Ghostscript before version 9.21 is vulnerable to a heap-based buffer overflow in the jbig2_decode_gray_scale_image function used for JBIG2 halftone decoding, potentially causing a segmentation fault when parsing a crafted PostScript/PDF with an embedded JBIG2 image, per multiple c...

5.5CVSS6.4AI score0.01813EPSS
CVE
CVE
added 2010/08/26 8:0 p.m.96 views

CVE-2009-3743

Ghostscript prior to 8.71 is affected by an off-by-one error in the Ins_MINDEX function of the TrueType bytecode interpreter, allowing a remote attacker to execute arbitrary code or cause a denial of service via a malformed TrueType font (heap memory corruption). The issue (CVE-2009-3743) is cite...

9.3CVSS8AI score0.06755EPSS
CVE
CVE
added 2010/05/19 10:0 p.m.85 views

CVE-2010-1628

CVE-2010-1628 affects GPL Ghostscript. Specifically, Ghostscript 8.64, 8.70 and possibly other versions are vulnerable to a context-dependent attacker who can trigger memory corruption in the interpreter stack via a PostScript file with unlimited recursive procedure invocations, potentially allow...

9.3CVSS7.4AI score0.04043EPSS
CVE
CVE
added 2010/05/12 12:0 a.m.83 views

CVE-2010-1869

CVE-2010-1869 is a Ghostscript vulnerability affecting 8.64/8.70 where the parser’s stack-based buffer overflow could allow context-dependent attackers to execute arbitrary code via a crafted PostScript file. Public advisories (Ubuntu USN-961-1, Debian DSA-2080-1, openSUSE/SUSE updates, SUSE open...

9.3CVSS7.6AI score0.09267EPSS
CVE
CVE
added 2010/07/22 1:0 a.m.76 views

CVE-2010-2055

Ghostscript before 8.71 is vulnerable to an information/command execution flaw where initialization files are read from the current working directory, enabling local users to run arbitrary PostScript via a Trojan horse file. Affected: Ghostscript 8.71 and earlier. Impact: local code/command execu...

7.2CVSS6.9AI score0.00505EPSS
CVE
CVE
added 2010/10/22 10:0 p.m.69 views

CVE-2010-4054

CVE-2010-4054 affects Ghostscript: the gs_type2_interpret function can be driven to crash via crafted font data in a compressed data stream (bug 691043), enabling a remote denial-of-service. Documented in MiracleLinux advisories and various OpenVAS/Nessus entries; patch/version details are not sp...

4.3CVSS6.2AI score0.0266EPSS
CVE
CVE
added 2012/09/06 9:0 p.m.53 views

CVE-2012-4875

Ghostscript 9.04 is affected by a heap-based buffer overflow in gdevwpr2.c when processing the OutputFile device parameter, enabling user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. The issue is documented as a potential vulnerability with th...

9.3CVSS8.2AI score0.04273EPSS