Latest artifex ghostscript Vulnerabilities

CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one U...
Artifex Ghostscript=9.51
Artifex Ghostscript=9.52
Artifex Ghostscript=9.52.1
Artifex Ghostscript=9.53.0-rc1
Artifex Ghostscript=9.53.0-rc2
CVE-2023-46751
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Artifex Ghostscript<=10.02.0
ubuntu/ghostscript<9.55.0~dfsg1-0ubuntu5.6
ubuntu/ghostscript<10.0.0~dfsg1-0ubuntu1.5
ubuntu/ghostscript<10.01.2~dfsg1-0ubuntu2.2
ubuntu/ghostscript<10.02.1~dfsg-1
debian/ghostscript
CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer para...
debian/ghostscript<=9.27~dfsg-2+deb10u5<=9.27~dfsg-2+deb10u9<=9.53.3~dfsg-7+deb11u5<=10.0.0~dfsg-11+deb12u1
Artifex Ghostscript<=10.01.2
ubuntu/ghostscript<10.02.0~dfsg-1<10.02.0
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.11
ubuntu/ghostscript<9.55.0~dfsg1-0ubuntu5.5
ubuntu/ghostscript<10.0.0~dfsg1-0ubuntu1.4
and 3 more
CVE-2020-21890
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via openin...
Artifex Ghostscript=9.50
ubuntu/ghostscript<9.51<9.51~dfsg-1
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.04.18+
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.10
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.16.04.14+
debian/ghostscript<=9.27~dfsg-2+deb10u5
CVE-2020-21710
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.
Artifex Ghostscript=9.50
ubuntu/ghostscript<9.51<9.51~dfsg-1
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.04.18+
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.10
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.16.04.14+
debian/ghostscript<=9.27~dfsg-2+deb10u5
CVE-2023-4042
Ghostscript: incomplete fix for cve-2020-16305
Artifex Ghostscript<9.51
Redhat Enterprise Linux=8.0
redhat/ghostscript<9.51
Redhat Codeready Linux Builder=8.0
Redhat Codeready Linux Builder For Arm64=8.0_aarch64
Redhat Codeready Linux Builder For Ibm Z Systems=8.0_s390x
and 4 more
CVE-2023-38560
Ghostscript: integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name
Artifex Ghostscript
CVE-2023-38559
Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos
Artifex Ghostscript
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
ubuntu/ghostscript<9.26~dfsg+0-0ubuntu0.18.04.18+
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.9
ubuntu/ghostscript<9.55.0~dfsg1-0ubuntu5.4
and 8 more
CVE-2023-36664
A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Artifex Ghostscript<=10.01.2
Debian Debian Linux=11.0
Debian Debian Linux=12.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
redhat/ghostscript<0:9.54.0-10.el9_2
and 2 more
CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TB...
Artifex Ghostscript<10.01.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/ghostscript<=9.27~dfsg-2+deb10u5
CVE-2020-27792
Ghostscript: heap buffer over write vulnerability in ghostscript's lp8000_print_page() in gdevlp8k.c
Artifex Ghostscript<=9.50
Debian Debian Linux=10.0
redhat/ghostscript<9.27
CVE-2022-2085
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_p...
Artifex Ghostscript=9.55.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2021-3781
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document ...
Artifex Ghostscript=9.50
Artifex Ghostscript=9.52
Artifex Ghostscript=9.53.3
Artifex Ghostscript=9.54.0
Fedoraproject Fedora=34
CVE-2021-45949
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
debian/ghostscript
Artifex Ghostscript>=9.50<=9.54.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
CVE-2021-45944
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
debian/ghostscript
Artifex Ghostscript>=9.50<=9.53.3
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
CVE-2020-14373
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
Artifex Ghostscript=9.25
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
CVE-2020-16299
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file....
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16288
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16294
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is f...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16293
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a den...
redhat/ghostscript<0:9.27-1.el8
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-16302
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fix...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16303
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16287
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This ...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16309
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This i...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16306
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed ...
redhat/ghostscript<0:9.27-1.el8
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-16304
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is ...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16300
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is...
redhat/ghostscript<0:9.27-1.el8
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-16308
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixe...
Artifex Ghostscript<9.52
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-16301
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This i...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16295
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Th...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16310
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16305
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Thi...
redhat/ghostscript<0:9.27-1.el8
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-16298
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. ...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16290
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This ...
redhat/ghostscript<0:9.27-1.el8
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-17538
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16289
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fix...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16307
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscr...
Artifex Ghostscript=9.50
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16296
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Thi...
redhat/ghostscript<0:9.27-1.el8
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
and 6 more
CVE-2020-16291
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16292
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Thi...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-16297
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. ...
Artifex Ghostscript<9.52
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=20.04
and 5 more
CVE-2020-15900
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'pos...
Artifex Ghostscript=9.50
Artifex Ghostscript=9.52
Canonical Ubuntu Linux=20.04
openSUSE Leap=15.1
openSUSE Leap=15.2
ubuntu/ghostscript<9.50~dfsg-5ubuntu4.1
and 1 more
CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions....
Artifex Ghostscript>=9.00<9.50
Fedoraproject Fedora=31
debian/ghostscript
CVE-2019-10216
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by crea...
Artifex Ghostscript<9.50
Redhat 3scale Api Management=2.6
Redhat Enterprise Linux=5.0
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=7.0
and 5 more
CVE-2019-14869
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictio...
Artifex Ghostscript>=9.00<9.50
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Fedoraproject Fedora=31
openSUSE Leap=15.0
openSUSE Leap=15.1
and 1 more
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A ...
Artifex Ghostscript>=9.00<=9.50
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.1
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux Desktop=7.0
and 14 more
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions...
Artifex Ghostscript<9.50
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.1
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 6 more
CVE-2019-14817
debian/ghostscript
Artifex Ghostscript<9.50
Redhat Openshift Container Platform=3.11
Redhat Openshift Container Platform=4.1
openSUSE Leap=15.0
openSUSE Leap=15.1
and 6 more
CVE-2017-15652
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected ...
Artifex Ghostscript=9.22
CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have acc...
debian/ghostscript<=9.26a~dfsg-2<=9.26a~dfsg-0+deb9u1
Artifex Ghostscript<9.27
Redhat Ansible Tower=3.3
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.6
and 12 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203