Ghostscript
by Artifex
Source repositories
CVEs (160)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18284 | 0.00 | — | 0.16 | Oct 19, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |||
| CVE-2018-18073 | 0.00 | — | 0.03 | Oct 15, 2018 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | |||
| CVE-2015-3228 | 0.00 | — | 0.04 | Aug 11, 2015 | Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds… | |||
| CVE-2010-4820 | 0.00 | — | 0.00 | Oct 27, 2014 | Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. | |||
| CVE-2012-4875 | 0.00 | — | 0.04 | Sep 6, 2012 | Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to… | |||
| CVE-2010-4054 | 0.00 | — | 0.03 | Oct 23, 2010 | The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043. | |||
| CVE-2010-2055 | 0.00 | — | 0.01 | Jul 22, 2010 | Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using… | |||
| CVE-2010-1628 | 0.00 | — | 0.04 | May 19, 2010 | Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. | |||
| CVE-2009-0792 | 0.00 | — | 0.04 | Apr 14, 2009 | Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service… | |||
| CVE-2008-6679 | 0.00 | — | 0.04 | Apr 8, 2009 | Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. | |||
| CVE-2007-6725 | 0.00 | — | 0.05 | Apr 8, 2009 | The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function. | |||
| CVE-2009-0584 | 0.00 | — | 0.04 | Mar 23, 2009 | icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2009-0583 | 0.00 | — | 0.05 | Mar 23, 2009 | Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service… | |||
| CVE-2004-0967 | 0.00 | — | 0.00 | Feb 9, 2005 | The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. | |||
| CVE-2003-0354 | 0.00 | — | 0.02 | Jun 16, 2003 | Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job. | |||
| CVE-2002-0363 | 0.00 | — | 0.02 | May 29, 2002 | ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | |||
| CVE-2001-1353 | 0.00 | — | 0.00 | Sep 18, 2001 | ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. | |||
| CVE-2000-1163 | 0.00 | — | 0.00 | Jan 9, 2001 | ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes… | |||
| CVE-2000-1162 | 0.00 | — | 0.00 | Jan 9, 2001 | ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack. | |||
| CVE-1999-0155 | 0.00 | — | 0.03 | Aug 31, 1995 | The ghostscript command with the -dSAFER option allows remote attackers to execute commands. |
- CVE-2018-18284Oct 19, 2018risk 0.00cvss —epss 0.16
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
- CVE-2018-18073Oct 15, 2018risk 0.00cvss —epss 0.03
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
- CVE-2015-3228Aug 11, 2015risk 0.00cvss —epss 0.04
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds…
- CVE-2010-4820Oct 27, 2014risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
- CVE-2012-4875Sep 6, 2012risk 0.00cvss —epss 0.04
Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to…
- CVE-2010-4054Oct 23, 2010risk 0.00cvss —epss 0.03
The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.
- CVE-2010-2055Jul 22, 2010risk 0.00cvss —epss 0.01
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using…
- CVE-2010-1628May 19, 2010risk 0.00cvss —epss 0.04
Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.
- CVE-2009-0792Apr 14, 2009risk 0.00cvss —epss 0.04
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service…
- CVE-2008-6679Apr 8, 2009risk 0.00cvss —epss 0.04
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
- CVE-2007-6725Apr 8, 2009risk 0.00cvss —epss 0.05
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
- CVE-2009-0584Mar 23, 2009risk 0.00cvss —epss 0.04
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly…
- CVE-2009-0583Mar 23, 2009risk 0.00cvss —epss 0.05
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service…
- CVE-2004-0967Feb 9, 2005risk 0.00cvss —epss 0.00
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
- CVE-2003-0354Jun 16, 2003risk 0.00cvss —epss 0.02
Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.
- CVE-2002-0363May 29, 2002risk 0.00cvss —epss 0.02
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
- CVE-2001-1353Sep 18, 2001risk 0.00cvss —epss 0.00
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
- CVE-2000-1163Jan 9, 2001risk 0.00cvss —epss 0.00
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes…
- CVE-2000-1162Jan 9, 2001risk 0.00cvss —epss 0.00
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
- CVE-1999-0155Aug 31, 1995risk 0.00cvss —epss 0.03
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
Page 8 of 8