rpm package
opensuse/ghostscript&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed
Vulnerabilities (85)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59801 | Med | 4.3 | < 10.06.0-2.1 | 10.06.0-2.1 | Sep 22, 2025 | In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked. | |
| CVE-2025-59800 | Med | 4.3 | < 10.06.0-2.1 | 10.06.0-2.1 | Sep 22, 2025 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. | |
| CVE-2025-59799 | Med | 4.3 | < 10.06.0-2.1 | 10.06.0-2.1 | Sep 22, 2025 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. | |
| CVE-2025-59798 | Med | 4.3 | < 10.06.0-2.1 | 10.06.0-2.1 | Sep 22, 2025 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. | |
| CVE-2025-48708 | Med | 4.0 | < 10.05.1-1.1 | 10.05.1-1.1 | May 23, 2025 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. | |
| CVE-2025-46646 | Med | 4.5 | < 10.05.1-1.1 | 10.05.1-1.1 | Apr 26, 2025 | In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954. | |
| CVE-2025-27837 | Cri | 9.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp. | |
| CVE-2025-27836 | Cri | 9.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. | |
| CVE-2025-27835 | Hig | 7.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. | |
| CVE-2025-27834 | Hig | 7.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c. | |
| CVE-2025-27833 | Hig | 7.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c. | |
| CVE-2025-27832 | Cri | 9.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | |
| CVE-2025-27831 | Cri | 9.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | |
| CVE-2025-27830 | Hig | 7.8 | < 10.05.0-1.1 | 10.05.0-1.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c. | |
| CVE-2024-46956 | Hig | 7.8 | < 10.04.0-1.1 | 10.04.0-1.1 | Nov 10, 2024 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | |
| CVE-2024-46955 | Med | 5.5 | < 10.04.0-1.1 | 10.04.0-1.1 | Nov 10, 2024 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. | |
| CVE-2024-46954 | Hig | 7.8 | < 10.04.0-1.1 | 10.04.0-1.1 | Nov 10, 2024 | An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. | |
| CVE-2024-46953 | Hig | 7.8 | < 10.04.0-1.1 | 10.04.0-1.1 | Nov 10, 2024 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | |
| CVE-2024-46952 | Hig | 7.8 | < 10.04.0-1.1 | 10.04.0-1.1 | Nov 10, 2024 | An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). | |
| CVE-2024-46951 | Hig | 7.8 | < 10.04.0-1.1 | 10.04.0-1.1 | Nov 10, 2024 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. |
- affected < 10.06.0-2.1fixed 10.06.0-2.1
In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.
- affected < 10.06.0-2.1fixed 10.06.0-2.1
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
- affected < 10.06.0-2.1fixed 10.06.0-2.1
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
- affected < 10.06.0-2.1fixed 10.06.0-2.1
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
- affected < 10.05.1-1.1fixed 10.05.1-1.1
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
- affected < 10.05.1-1.1fixed 10.05.1-1.1
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
- affected < 10.05.0-1.1fixed 10.05.0-1.1
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
- affected < 10.04.0-1.1fixed 10.04.0-1.1
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
- affected < 10.04.0-1.1fixed 10.04.0-1.1
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
- affected < 10.04.0-1.1fixed 10.04.0-1.1
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
- affected < 10.04.0-1.1fixed 10.04.0-1.1
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
- affected < 10.04.0-1.1fixed 10.04.0-1.1
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
- affected < 10.04.0-1.1fixed 10.04.0-1.1
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Page 1 of 5