rpm package
suse/ghostscript&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-36664 | — | < 9.52-150000.167.1 | 9.52-150000.167.1 | Jun 25, 2023 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||
| CVE-2023-28879 | — | < 9.52-150000.164.1 | 9.52-150000.164.1 | Mar 31, 2023 | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than fu | ||
| CVE-2021-45944 | — | < 9.52-161.1 | 9.52-161.1 | Dec 31, 2021 | Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | ||
| CVE-2021-45949 | — | < 9.52-161.1 | 9.52-161.1 | Dec 31, 2021 | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). |
- CVE-2023-36664Jun 25, 2023affected < 9.52-150000.167.1fixed 9.52-150000.167.1
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
- CVE-2023-28879Mar 31, 2023affected < 9.52-150000.164.1fixed 9.52-150000.164.1
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than fu
- CVE-2021-45944Dec 31, 2021affected < 9.52-161.1fixed 9.52-161.1
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
- CVE-2021-45949Dec 31, 2021affected < 9.52-161.1fixed 9.52-161.1
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).