Lucene search
+L

9 matches found

cve
cve
•added 2013/11/15 8:0 p.m.•16211 views

CVE-2013-6629

The CVE-2013-6629 issue affects libjpeg 6b and libjpeg-turbo up to 1.3.0, used by Chrome prior to 31.0.1650.48, Ghostscript, and other products. The vulnerability arises in get_sos() in jdmarker.c, which does not properly validate certain duplications of component data after SOS JPEG markers, all...

5CVSS6.1AI score0.10117EPSS
cve
cve
•added 2018/09/05 6:0 a.m.•301 views

CVE-2018-16509

Ghostscript (Artifex) before 9.25 has an issue where /invalidaccess checks can fail, allowing crafted PostScript to bypass -dSAFER and execute code via the pipe instruction. Several advisories indicate this is a security flaw that could enable remote/unauthenticated code execution in Ghostscript ...

9.3CVSS7.2AI score0.92499EPSS
cve
cve
•added 2018/08/27 5:0 p.m.•201 views

CVE-2018-15910

Artifex Ghostscript before 9.24 is affected by a type confusion in the LockDistillerParams parameter that can be triggered by crafted PostScript, potentially crashing the interpreter or enabling code execution. This CVE (CVE-2018-15910) is corroborated across multiple sources (vendor advisories a...

7.8CVSS6.7AI score0.03037EPSS
cve
cve
•added 2018/10/19 10:0 p.m.•179 views

CVE-2018-18284

Ghostscript 9.25 and earlier is affected by CVE-2018-18284, where the sandbox protection can be bypassed via vectors involving the 1Policy operator. Affected component: Ghostscript interpreter; root cause: sandbox bypass in policy handling. Impact: sandbox escape via crafted PostScript; in the Ar...

8.6CVSS6.3AI score0.16288EPSS
cve
cve
•added 2018/08/27 5:0 p.m.•177 views

CVE-2018-15909

CVE-2018-15909 affects Artifex Ghostscript 9.23 (pre-2018-08-24). A type confusion in the .shfill PostScript operator can be triggered by specially crafted PostScript data, allowing an attacker to crash the Ghostscript interpreter or potentially execute arbitrary code. The vulnerability is docume...

7.8CVSS6.6AI score0.03019EPSS
cve
cve
•added 2018/08/28 4:0 a.m.•177 views

CVE-2018-15911

CVE-2018-15911 affects Artifex Ghostscript 9.23 prior to 2018-08-24. Attackers able to supply crafted PostScript can trigger uninitialized memory access in the aesdecode operator, potentially crashing the interpreter or executing code. Exploitation status is not detailed in the provided documents...

7.8CVSS6.7AI score0.03037EPSS
cve
cve
•added 2018/09/05 6:0 a.m.•142 views

CVE-2018-16510

CVE-2018-16510 refers to Ghostscript before 9.24, where an issue in the PDF primitives CS and SC incorrectly handled the exec stack. This could allow remote attackers to crash the interpreter or cause unspecified other impact by supplying crafted PDFs. The connected advisories confirm remediation...

7.8CVSS7.9AI score0.01745EPSS
cve
cve
•added 2018/04/23 9:0 p.m.•112 views

CVE-2016-9601

CVE-2016-9601 : Ghostscript before version 9.21 is vulnerable to a heap-based buffer overflow in the jbig2_decode_gray_scale_image function used for JBIG2 halftone decoding, potentially causing a segmentation fault when parsing a crafted PostScript/PDF with an embedded JBIG2 image, per multiple c...

5.5CVSS6.4AI score0.01813EPSS
cve
cve
•added 2018/09/05 1:0 p.m.•111 views

CVE-2018-16513

CVE-2018-16513 affects Artifex Ghostscript prior to 9.24. A crafted PostScript file can trigger a type confusion in the setcolor function, potentially crashing the Ghostscript interpreter or causing unspecified other impact. Mitigation documented across multiple sources is to upgrade Ghostscript ...

7.8CVSS8AI score0.01501EPSS