rpm package
almalinux/libgs
pkg:rpm/almalinux/libgs
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27832 | — | < 9.54.0-19.el9_6 | 9.54.0-19.el9_6 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | ||
| CVE-2024-46956 | — | < 9.27-16.el8_10 | 9.27-16.el8_10 | Nov 10, 2024 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | ||
| CVE-2024-46954 | — | < 9.27-16.el8_10 | 9.27-16.el8_10 | Nov 10, 2024 | An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. | ||
| CVE-2024-46953 | — | < 9.27-16.el8_10 | 9.27-16.el8_10 | Nov 10, 2024 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | ||
| CVE-2024-46952 | — | < 9.27-16.el8_10 | 9.27-16.el8_10 | Nov 10, 2024 | An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). | ||
| CVE-2024-46951 | — | < 9.27-16.el8_10 | 9.27-16.el8_10 | Nov 10, 2024 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. | ||
| CVE-2024-33871 | — | < 9.54.0-16.el9_4 | 9.54.0-16.el9_4 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbi | ||
| CVE-2024-33870 | — | < 9.54.0-17.el9_4 | 9.54.0-17.el9_4 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will g | ||
| CVE-2024-33869 | — | < 9.54.0-17.el9_4 | 9.54.0-17.el9_4 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# ou | ||
| CVE-2024-29510 | — | < 9.54.0-17.el9_4 | 9.54.0-17.el9_4 | Jul 3, 2024 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | ||
| CVE-2023-46751 | — | < 9.27-16.el8_10 | 9.27-16.el8_10 | Dec 6, 2023 | An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | ||
| CVE-2023-43115 | — | < 9.54.0-11.el9_2 | 9.54.0-11.el9_2 | Sep 18, 2023 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJ | ||
| CVE-2023-4042 | — | < 9.27-11.el8 | 9.27-11.el8 | Aug 23, 2023 | A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. | ||
| CVE-2020-21710 | — | < 9.27-12.el8 | 9.27-12.el8 | Aug 22, 2023 | A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. | ||
| CVE-2023-38559 | — | < 9.54.0-13.el9 | 9.54.0-13.el9 | Aug 1, 2023 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | ||
| CVE-2023-36664 | — | < 9.54.0-10.el9_2 | 9.54.0-10.el9_2 | Jun 25, 2023 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||
| CVE-2023-28879 | — | < 9.54.0-13.el9 | 9.54.0-13.el9 | Mar 31, 2023 | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than fu | ||
| CVE-2020-27792 | — | < 9.27-16.el8_10 | 9.27-16.el8_10 | Aug 19, 2022 | A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a | ||
| CVE-2020-14373 | — | < 9.27-1.el8 | 9.27-1.el8 | Sep 3, 2020 | A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. | ||
| CVE-2020-17538 | — | < 9.27-1.el8 | 9.27-1.el8 | Aug 13, 2020 | A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
- CVE-2025-27832Mar 25, 2025affected < 9.54.0-19.el9_6fixed 9.54.0-19.el9_6
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
- CVE-2024-46956Nov 10, 2024affected < 9.27-16.el8_10fixed 9.27-16.el8_10
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
- CVE-2024-46954Nov 10, 2024affected < 9.27-16.el8_10fixed 9.27-16.el8_10
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
- CVE-2024-46953Nov 10, 2024affected < 9.27-16.el8_10fixed 9.27-16.el8_10
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
- CVE-2024-46952Nov 10, 2024affected < 9.27-16.el8_10fixed 9.27-16.el8_10
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
- CVE-2024-46951Nov 10, 2024affected < 9.27-16.el8_10fixed 9.27-16.el8_10
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
- CVE-2024-33871Jul 3, 2024affected < 9.54.0-16.el9_4fixed 9.54.0-16.el9_4
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbi
- CVE-2024-33870Jul 3, 2024affected < 9.54.0-17.el9_4fixed 9.54.0-17.el9_4
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will g
- CVE-2024-33869Jul 3, 2024affected < 9.54.0-17.el9_4fixed 9.54.0-17.el9_4
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# ou
- CVE-2024-29510Jul 3, 2024affected < 9.54.0-17.el9_4fixed 9.54.0-17.el9_4
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
- CVE-2023-46751Dec 6, 2023affected < 9.27-16.el8_10fixed 9.27-16.el8_10
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
- CVE-2023-43115Sep 18, 2023affected < 9.54.0-11.el9_2fixed 9.54.0-11.el9_2
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJ
- CVE-2023-4042Aug 23, 2023affected < 9.27-11.el8fixed 9.27-11.el8
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
- CVE-2020-21710Aug 22, 2023affected < 9.27-12.el8fixed 9.27-12.el8
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.
- CVE-2023-38559Aug 1, 2023affected < 9.54.0-13.el9fixed 9.54.0-13.el9
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
- CVE-2023-36664Jun 25, 2023affected < 9.54.0-10.el9_2fixed 9.54.0-10.el9_2
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
- CVE-2023-28879Mar 31, 2023affected < 9.54.0-13.el9fixed 9.54.0-13.el9
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than fu
- CVE-2020-27792Aug 19, 2022affected < 9.27-16.el8_10fixed 9.27-16.el8_10
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a
- CVE-2020-14373Sep 3, 2020affected < 9.27-1.el8fixed 9.27-1.el8
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
- CVE-2020-17538Aug 13, 2020affected < 9.27-1.el8fixed 9.27-1.el8
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Page 1 of 3