VYPR

Ghostscript

by Artifex

Source repositories

CVEs (160)

  • CVE-2017-9739HigJul 26, 2017
    risk 0.51cvss 7.8epss 0.03

    The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9727HigJul 26, 2017
    risk 0.51cvss 7.8epss 0.03

    The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9726HigJul 26, 2017
    risk 0.51cvss 7.8epss 0.03

    The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9612HigJul 26, 2017
    risk 0.51cvss 7.8epss 0.02

    The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-9611HigJul 26, 2017
    risk 0.51cvss 7.8epss 0.02

    The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

  • CVE-2017-7948HigApr 19, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.

  • CVE-2016-8602HigApr 14, 2017
    risk 0.51cvss 7.8epss 0.03

    The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.

  • CVE-2016-10317HigApr 3, 2017
    risk 0.51cvss 7.8epss 0.02

    The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript…

  • CVE-2017-6196HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.02

    Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a…

  • CVE-2018-16542MedSep 5, 2018
    risk 0.36cvss 5.5epss 0.02

    In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

  • CVE-2018-16541MedSep 5, 2018
    risk 0.36cvss 5.5epss 0.01

    In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

  • CVE-2018-16539MedSep 5, 2018
    risk 0.36cvss 5.5epss 0.01

    In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

  • CVE-2016-7977MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.05

    Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

  • CVE-2017-8908MedMay 12, 2017
    risk 0.36cvss 5.5epss 0.01

    The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.

  • CVE-2017-5951MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

  • CVE-2016-10220MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.

  • CVE-2016-10219MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.02

    The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

  • CVE-2016-10218MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

  • CVE-2016-10217MedApr 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.

  • CVE-2017-7207MedMar 21, 2017
    risk 0.36cvss 5.5epss 0.02

    The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.

Page 2 of 8