rpm package
opensuse/ghostscript&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.6
Vulnerabilities (17)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59799 | — | < 9.52-150000.211.1 | 9.52-150000.211.1 | Sep 22, 2025 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. | ||
| CVE-2025-59798 | — | < 9.52-150000.211.1 | 9.52-150000.211.1 | Sep 22, 2025 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. | ||
| CVE-2025-48708 | — | < 9.52-150000.206.1 | 9.52-150000.206.1 | May 23, 2025 | gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. | ||
| CVE-2025-27836 | — | < 9.52-150000.203.1 | 9.52-150000.203.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c. | ||
| CVE-2025-27835 | — | < 9.52-150000.203.1 | 9.52-150000.203.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c. | ||
| CVE-2025-27832 | — | < 9.52-150000.203.1 | 9.52-150000.203.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c. | ||
| CVE-2025-27831 | — | < 9.52-150000.203.1 | 9.52-150000.203.1 | Mar 25, 2025 | An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c. | ||
| CVE-2024-46956 | — | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | ||
| CVE-2024-46955 | — | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. | ||
| CVE-2024-46953 | — | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | ||
| CVE-2024-46951 | — | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. | ||
| CVE-2024-33871 | — | < 9.52-150000.191.1 | 9.52-150000.191.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbi | ||
| CVE-2024-33870 | — | < 9.52-150000.194.1 | 9.52-150000.194.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will g | ||
| CVE-2024-33869 | — | < 9.52-150000.194.1 | 9.52-150000.194.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# ou | ||
| CVE-2024-29510 | — | < 9.52-150000.194.1 | 9.52-150000.194.1 | Jul 3, 2024 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | ||
| CVE-2024-29508 | — | < 9.52-150000.197.1 | 9.52-150000.197.1 | Jul 3, 2024 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | ||
| CVE-2023-52722 | — | < 9.52-150000.188.1 | 9.52-150000.188.1 | Apr 27, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. |
- CVE-2025-59799Sep 22, 2025affected < 9.52-150000.211.1fixed 9.52-150000.211.1
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
- CVE-2025-59798Sep 22, 2025affected < 9.52-150000.211.1fixed 9.52-150000.211.1
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
- CVE-2025-48708May 23, 2025affected < 9.52-150000.206.1fixed 9.52-150000.206.1
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
- CVE-2025-27836Mar 25, 2025affected < 9.52-150000.203.1fixed 9.52-150000.203.1
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
- CVE-2025-27835Mar 25, 2025affected < 9.52-150000.203.1fixed 9.52-150000.203.1
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
- CVE-2025-27832Mar 25, 2025affected < 9.52-150000.203.1fixed 9.52-150000.203.1
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
- CVE-2025-27831Mar 25, 2025affected < 9.52-150000.203.1fixed 9.52-150000.203.1
An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
- CVE-2024-46956Nov 10, 2024affected < 9.52-150000.200.1fixed 9.52-150000.200.1
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
- CVE-2024-46955Nov 10, 2024affected < 9.52-150000.200.1fixed 9.52-150000.200.1
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
- CVE-2024-46953Nov 10, 2024affected < 9.52-150000.200.1fixed 9.52-150000.200.1
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
- CVE-2024-46951Nov 10, 2024affected < 9.52-150000.200.1fixed 9.52-150000.200.1
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
- CVE-2024-33871Jul 3, 2024affected < 9.52-150000.191.1fixed 9.52-150000.191.1
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbi
- CVE-2024-33870Jul 3, 2024affected < 9.52-150000.194.1fixed 9.52-150000.194.1
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will g
- CVE-2024-33869Jul 3, 2024affected < 9.52-150000.194.1fixed 9.52-150000.194.1
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# ou
- CVE-2024-29510Jul 3, 2024affected < 9.52-150000.194.1fixed 9.52-150000.194.1
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
- CVE-2024-29508Jul 3, 2024affected < 9.52-150000.197.1fixed 9.52-150000.197.1
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
- CVE-2023-52722Apr 27, 2024affected < 9.52-150000.188.1fixed 9.52-150000.188.1
An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.