rpm package
suse/ghostscript&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (35)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16509 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 5, 2018 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. | ||
| CVE-2018-15911 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Aug 28, 2018 | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | ||
| CVE-2018-15910 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Aug 27, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | ||
| CVE-2018-15909 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Aug 27, 2018 | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | ||
| CVE-2018-15908 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Aug 27, 2018 | In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | ||
| CVE-2018-10194 | — | < 9.15-23.10.2 | 9.15-23.10.2 | Apr 18, 2018 | The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have un | ||
| CVE-2017-11714 | Hig | 7.8 | < 9.15-23.7.1 | 9.15-23.7.1 | Jul 28, 2017 | psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds r | |
| CVE-2017-9835 | Hig | 7.8 | < 9.15-23.7.1 | 9.15-23.7.1 | Jul 26, 2017 | The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a la | |
| CVE-2017-9739 | Hig | 7.8 | < 9.15-23.7.1 | 9.15-23.7.1 | Jul 26, 2017 | The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2017-9727 | Hig | 7.8 | < 9.15-23.7.1 | 9.15-23.7.1 | Jul 26, 2017 | The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2017-9726 | Hig | 7.8 | < 9.15-23.7.1 | 9.15-23.7.1 | Jul 26, 2017 | The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2017-9612 | Hig | 7.8 | < 9.15-23.7.1 | 9.15-23.7.1 | Jul 26, 2017 | The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2017-9216 | Med | 6.5 | < 9.15-23.7.1 | 9.15-23.7.1 | May 24, 2017 | libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. | |
| CVE-2016-10317 | Hig | 7.8 | < 9.15-23.7.1 | 9.15-23.7.1 | Apr 3, 2017 | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document | |
| CVE-2016-10219 | Med | 5.5 | < 9.15-23.7.1 | 9.15-23.7.1 | Apr 3, 2017 | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. |
- CVE-2018-16509Sep 5, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
- CVE-2018-15911Aug 28, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
- CVE-2018-15910Aug 27, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
- CVE-2018-15909Aug 27, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
- CVE-2018-15908Aug 27, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
- CVE-2018-10194Apr 18, 2018affected < 9.15-23.10.2fixed 9.15-23.10.2
The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have un
- affected < 9.15-23.7.1fixed 9.15-23.7.1
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds r
- affected < 9.15-23.7.1fixed 9.15-23.7.1
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a la
- affected < 9.15-23.7.1fixed 9.15-23.7.1
The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
- affected < 9.15-23.7.1fixed 9.15-23.7.1
The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
- affected < 9.15-23.7.1fixed 9.15-23.7.1
The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
- affected < 9.15-23.7.1fixed 9.15-23.7.1
The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.
- affected < 9.15-23.7.1fixed 9.15-23.7.1
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.
- affected < 9.15-23.7.1fixed 9.15-23.7.1
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document
- affected < 9.15-23.7.1fixed 9.15-23.7.1
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
Page 2 of 2