rpm package
suse/ghostscript-library&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8602 | Hig | 7.8 | < 8.62-32.41.1 | 8.62-32.41.1 | Apr 14, 2017 | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | |
| CVE-2016-10219 | Med | 5.5 | < 8.62-32.47.7.1 | 8.62-32.47.7.1 | Apr 3, 2017 | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |
| CVE-2017-7207 | Med | 5.5 | < 8.62-32.47.7.1 | 8.62-32.47.7.1 | Mar 21, 2017 | The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. | |
| CVE-2013-5653 | Med | 5.5 | < 8.62-32.38.1 | 8.62-32.38.1 | Mar 7, 2017 | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |
| CVE-2015-3228 | — | < 8.62-32.38.1 | 8.62-32.38.1 | Aug 11, 2015 | Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds re |
- affected < 8.62-32.41.1fixed 8.62-32.41.1
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
- affected < 8.62-32.47.7.1fixed 8.62-32.47.7.1
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
- affected < 8.62-32.47.7.1fixed 8.62-32.47.7.1
The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
- affected < 8.62-32.38.1fixed 8.62-32.38.1
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
- CVE-2015-3228Aug 11, 2015affected < 8.62-32.38.1fixed 8.62-32.38.1
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds re
Page 2 of 2