cpe:2.3:a:artifex:ghostscript:1.1:*:*:*:*:*:*:*
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-12-06
Updated
2023-12-16
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Max CVSS
8.8
EPSS Score
0.21%
Published
2023-09-18
Updated
2024-02-22
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-08-01
Updated
2024-03-08
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-06-25
Updated
2023-09-17
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Max CVSS
9.8
EPSS Score
0.27%
Published
2023-03-31
Updated
2023-09-17
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.
Max CVSS
5.5
EPSS Score
0.05%
Published
2023-08-23
Updated
2023-12-27
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
Max CVSS
7.1
EPSS Score
0.10%
Published
2022-08-19
Updated
2023-12-19
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-06-29
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.29%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.39%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.29%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.34%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.29%
Published
2020-08-13
Updated
2022-08-24
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.34%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.29%
Published
2020-08-13
Updated
2022-08-24
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Max CVSS
5.5
EPSS Score
0.33%
Published
2020-08-13
Updated
2022-08-24
Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-04-25
Updated
2022-05-04
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
Max CVSS
7.8
EPSS Score
0.21%
Published
2019-09-03
Updated
2020-10-16
62 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!