rpm package
suse/ghostscript-library&distro=SUSE Linux Enterprise Server 11 SP3-LTSS
pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16542 | — | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Sep 5, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. | ||
| CVE-2018-16541 | — | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Sep 5, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. | ||
| CVE-2018-16540 | — | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Sep 5, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact. | ||
| CVE-2018-16513 | — | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Sep 5, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact. | ||
| CVE-2018-16511 | — | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Sep 5, 2018 | An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. | ||
| CVE-2018-16509 | — | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Sep 5, 2018 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. | ||
| CVE-2018-15910 | — | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Aug 27, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | ||
| CVE-2017-9611 | Hig | 7.8 | < 8.62-32.47.13.1 | 8.62-32.47.13.1 | Jul 26, 2017 | The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. | |
| CVE-2016-7979 | Cri | 9.8 | < 8.62-32.38.1 | 8.62-32.38.1 | May 23, 2017 | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | |
| CVE-2016-7977 | Med | 5.5 | < 8.62-32.38.1 | 8.62-32.38.1 | May 23, 2017 | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. | |
| CVE-2017-8291 | Hig | 7.8 | KEV | < 8.62-32.46.1 | 8.62-32.46.1 | Apr 27, 2017 | Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. |
| CVE-2013-5653 | Med | 5.5 | < 8.62-32.38.1 | 8.62-32.38.1 | Mar 7, 2017 | The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. | |
| CVE-2015-3228 | — | < 8.62-32.38.1 | 8.62-32.38.1 | Aug 11, 2015 | Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds re |
- CVE-2018-16542Sep 5, 2018affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
- CVE-2018-16541Sep 5, 2018affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
- CVE-2018-16540Sep 5, 2018affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
- CVE-2018-16513Sep 5, 2018affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
- CVE-2018-16511Sep 5, 2018affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
- CVE-2018-16509Sep 5, 2018affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
- CVE-2018-15910Aug 27, 2018affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
- affected < 8.62-32.47.13.1fixed 8.62-32.47.13.1
The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.
- affected < 8.62-32.38.1fixed 8.62-32.38.1
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
- affected < 8.62-32.38.1fixed 8.62-32.38.1
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
- affected < 8.62-32.46.1fixed 8.62-32.46.1
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
- affected < 8.62-32.38.1fixed 8.62-32.38.1
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
- CVE-2015-3228Aug 11, 2015affected < 8.62-32.38.1fixed 8.62-32.38.1
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds re