Filtered by vendor Artifex Subscriptions
Filtered by product Ghostscript Subscriptions
Total 109 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-16289 4 Artifex, Canonical, Debian and 1 more 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 5.5 Medium
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-16288 4 Artifex, Canonical, Debian and 1 more 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 5.5 Medium
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-16287 4 Artifex, Canonical, Debian and 1 more 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more 2024-11-21 5.5 Medium
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
CVE-2020-15900 3 Artifex, Canonical, Opensuse 3 Ghostscript, Ubuntu Linux, Leap 2024-11-21 9.8 Critical
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVE-2020-14373 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2024-11-21 5.5 Medium
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
CVE-2019-6116 6 Artifex, Canonical, Debian and 3 more 12 Ghostscript, Ubuntu Linux, Debian Linux and 9 more 2024-11-21 7.8 High
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-3839 6 Artifex, Canonical, Debian and 3 more 6 Ghostscript, Ubuntu Linux, Debian Linux and 3 more 2024-11-21 7.8 High
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
CVE-2019-3838 5 Artifex, Debian, Fedoraproject and 2 more 12 Ghostscript, Debian Linux, Fedora and 9 more 2024-11-21 5.5 Medium
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVE-2019-3835 5 Artifex, Debian, Fedoraproject and 2 more 12 Ghostscript, Debian Linux, Fedora and 9 more 2024-11-21 5.5 Medium
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
CVE-2019-25059 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-11-21 7.8 High
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
CVE-2019-14869 4 Artifex, Fedoraproject, Opensuse and 1 more 5 Ghostscript, Fedora, Leap and 2 more 2024-11-21 8.8 High
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
CVE-2019-14817 5 Artifex, Debian, Fedoraproject and 2 more 7 Ghostscript, Debian Linux, Fedora and 4 more 2024-11-21 7.8 High
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14813 5 Artifex, Debian, Fedoraproject and 2 more 13 Ghostscript, Debian Linux, Fedora and 10 more 2024-11-21 9.8 Critical
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14812 3 Artifex, Fedoraproject, Redhat 4 Ghostscript, Fedora, 3scale Amp and 1 more 2024-11-21 7.8 High
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-14811 5 Artifex, Debian, Fedoraproject and 2 more 7 Ghostscript, Debian Linux, Fedora and 4 more 2024-11-21 7.8 High
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2019-10216 2 Artifex, Redhat 10 Ghostscript, 3scale Amp, 3scale Api Management and 7 more 2024-11-21 7.8 High
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
CVE-2018-19478 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-11-21 N/A
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
CVE-2018-19477 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 N/A
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
CVE-2018-19476 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 N/A
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
CVE-2018-19475 4 Artifex, Canonical, Debian and 1 more 11 Ghostscript, Ubuntu Linux, Debian Linux and 8 more 2024-11-21 N/A
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.