rpm package
suse/ghostscript&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-33871 | — | < 9.52-23.77.1 | 9.52-23.77.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbi | ||
| CVE-2024-33870 | — | < 9.52-23.80.1 | 9.52-23.80.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will g | ||
| CVE-2024-33869 | — | < 9.52-23.80.1 | 9.52-23.80.1 | Jul 3, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# ou | ||
| CVE-2024-29510 | — | < 9.52-23.80.1 | 9.52-23.80.1 | Jul 3, 2024 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | ||
| CVE-2024-29508 | — | < 9.52-23.83.1 | 9.52-23.83.1 | Jul 3, 2024 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | ||
| CVE-2023-52722 | — | < 9.52-23.74.1 | 9.52-23.74.1 | Apr 27, 2024 | An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. | ||
| CVE-2020-36773 | — | < 9.52-23.71.1 | 9.52-23.71.1 | Feb 4, 2024 | Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | ||
| CVE-2023-46751 | — | < 9.52-23.63.1 | 9.52-23.63.1 | Dec 6, 2023 | An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | ||
| CVE-2023-43115 | — | < 9.52-23.60.1 | 9.52-23.60.1 | Sep 18, 2023 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJ | ||
| CVE-2023-38559 | — | < 9.52-23.57.1 | 9.52-23.57.1 | Aug 1, 2023 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | ||
| CVE-2023-36664 | — | < 9.52-23.54.1 | 9.52-23.54.1 | Jun 25, 2023 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||
| CVE-2023-28879 | — | < 9.52-23.51.1 | 9.52-23.51.1 | Mar 31, 2023 | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than fu | ||
| CVE-2021-3781 | — | < 9.52-23.42.1 | 9.52-23.42.1 | Feb 16, 2022 | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript in | ||
| CVE-2021-45944 | — | < 9.52-23.48.1 | 9.52-23.48.1 | Dec 31, 2021 | Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). | ||
| CVE-2021-45949 | — | < 9.52-23.48.1 | 9.52-23.48.1 | Dec 31, 2021 | Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). | ||
| CVE-2020-15900 | — | < 9.52-23.39.1 | 9.52-23.39.1 | Jul 28, 2020 | A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32 | ||
| CVE-2020-12268 | — | < 9.52-23.34.1 | 9.52-23.34.1 | Apr 27, 2020 | jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | ||
| CVE-2019-14812 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Nov 27, 2019 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | ||
| CVE-2019-14869 | — | < 9.27-23.31.1 | 9.27-23.31.1 | Nov 15, 2019 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript | ||
| CVE-2019-14813 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 6, 2019 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav |
- CVE-2024-33871Jul 3, 2024affected < 9.52-23.77.1fixed 9.52-23.77.1
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbi
- CVE-2024-33870Jul 3, 2024affected < 9.52-23.80.1fixed 9.52-23.80.1
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will g
- CVE-2024-33869Jul 3, 2024affected < 9.52-23.80.1fixed 9.52-23.80.1
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# ou
- CVE-2024-29510Jul 3, 2024affected < 9.52-23.80.1fixed 9.52-23.80.1
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
- CVE-2024-29508Jul 3, 2024affected < 9.52-23.83.1fixed 9.52-23.83.1
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
- CVE-2023-52722Apr 27, 2024affected < 9.52-23.74.1fixed 9.52-23.74.1
An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.
- CVE-2020-36773Feb 4, 2024affected < 9.52-23.71.1fixed 9.52-23.71.1
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
- CVE-2023-46751Dec 6, 2023affected < 9.52-23.63.1fixed 9.52-23.63.1
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
- CVE-2023-43115Sep 18, 2023affected < 9.52-23.60.1fixed 9.52-23.60.1
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJ
- CVE-2023-38559Aug 1, 2023affected < 9.52-23.57.1fixed 9.52-23.57.1
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
- CVE-2023-36664Jun 25, 2023affected < 9.52-23.54.1fixed 9.52-23.54.1
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
- CVE-2023-28879Mar 31, 2023affected < 9.52-23.51.1fixed 9.52-23.51.1
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than fu
- CVE-2021-3781Feb 16, 2022affected < 9.52-23.42.1fixed 9.52-23.42.1
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript in
- CVE-2021-45944Dec 31, 2021affected < 9.52-23.48.1fixed 9.52-23.48.1
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
- CVE-2021-45949Dec 31, 2021affected < 9.52-23.48.1fixed 9.52-23.48.1
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
- CVE-2020-15900Jul 28, 2020affected < 9.52-23.39.1fixed 9.52-23.39.1
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32
- CVE-2020-12268Apr 27, 2020affected < 9.52-23.34.1fixed 9.52-23.34.1
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
- CVE-2019-14812Nov 27, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- CVE-2019-14869Nov 15, 2019affected < 9.27-23.31.1fixed 9.27-23.31.1
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript
- CVE-2019-14813Sep 6, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav
Page 1 of 2