VYPR

Vendor CVEs

Artifex

All CVEs

270 total · sorted by risk
  • CVE-2015-3228Aug 11, 2015
    risk 0.00cvss epss 0.04

    Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds…

  • CVE-2010-4820Oct 27, 2014
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.

  • CVE-2012-4875Sep 6, 2012
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to…

  • CVE-2011-0341May 13, 2011
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.

  • CVE-2010-4054Oct 23, 2010
    risk 0.00cvss epss 0.03

    The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

  • CVE-2010-2055Jul 22, 2010
    risk 0.00cvss epss 0.01

    Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using…

  • CVE-2010-1628May 19, 2010
    risk 0.00cvss epss 0.04

    Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.

  • CVE-2009-0792Apr 14, 2009
    risk 0.00cvss epss 0.04

    Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service…

  • CVE-2008-6679Apr 8, 2009
    risk 0.00cvss epss 0.04

    Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.

  • CVE-2007-6725Apr 8, 2009
    risk 0.00cvss epss 0.05

    The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.

  • CVE-2009-0584Mar 23, 2009
    risk 0.00cvss epss 0.04

    icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly…

  • CVE-2009-0583Mar 23, 2009
    risk 0.00cvss epss 0.05

    Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service…

  • CVE-2004-0967Feb 9, 2005
    risk 0.00cvss epss 0.00

    The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.

  • CVE-2003-0354Jun 16, 2003
    risk 0.00cvss epss 0.02

    Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job.

  • CVE-2003-0207May 5, 2003
    risk 0.00cvss epss 0.00

    ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files.

  • CVE-2002-0363May 29, 2002
    risk 0.00cvss epss 0.02

    ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

  • CVE-2001-1353Sep 18, 2001
    risk 0.00cvss epss 0.00

    ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.

  • CVE-2000-1163Jan 9, 2001
    risk 0.00cvss epss 0.00

    ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes…

  • CVE-2000-1162Jan 9, 2001
    risk 0.00cvss epss 0.00

    ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

  • CVE-1999-0155Aug 31, 1995
    risk 0.00cvss epss 0.03

    The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

Page 6 of 6