rpm package
suse/ghostscript&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46956 | — | | | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. |
| CVE-2024-46955 | — | | | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. |
| CVE-2024-46953 | — | | | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. |
| CVE-2024-46951 | — | | | < 9.52-150000.200.1 | 9.52-150000.200.1 | Nov 10, 2024 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. |
| CVE-2024-33871 | — | | | < 9.52-150000.191.1 | 9.52-150000.191.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbi |
| CVE-2024-33870 | — | | | < 9.52-150000.194.1 | 9.52-150000.194.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will g |
| CVE-2024-33869 | — | | | < 9.52-150000.194.1 | 9.52-150000.194.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# ou |
| CVE-2024-29510 | — | | | < 9.52-150000.194.1 | 9.52-150000.194.1 | Jul 3, 2024 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. |
| CVE-2023-46751 | — | | | < 9.52-150000.177.1 | 9.52-150000.177.1 | Dec 6, 2023 | An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. |
| CVE-2023-43115 | — | | | < 9.52-150000.173.2 | 9.52-150000.173.2 | Sep 18, 2023 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJ |
| CVE-2023-36664 | — | | | < 9.52-150000.167.1 | 9.52-150000.167.1 | Jun 25, 2023 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the \| pipe character prefix). |
| CVE-2023-28879 | — | | | < 9.52-150000.164.1 | 9.52-150000.164.1 | Mar 31, 2023 | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than fu |
| CVE-2021-45944 | — | | | < 9.52-161.1 | 9.52-161.1 | Dec 31, 2021 | Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). |
| CVE-2021-45949 | — | | | < 9.52-161.1 | 9.52-161.1 | Dec 31, 2021 | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). |