Artifex

Gpl Ghostscript

16 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.6

CVE-2018-18284

Exploit
  • EPSS 0.22%
  • Published 19.10.2018 22:29:01
  • Last modified 21.11.2024 03:55:38

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

7.8

CVE-2018-16513

  • EPSS 0.26%
  • Published 05.09.2018 13:29:00
  • Last modified 21.11.2024 03:52:53

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

9.3

CVE-2018-16509

Exploit
  • EPSS 91.74%
  • Published 05.09.2018 06:29:00
  • Last modified 21.11.2024 03:52:52

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instr...

7.8

CVE-2018-16510

  • EPSS 0.22%
  • Published 05.09.2018 06:29:00
  • Last modified 21.11.2024 03:52:52

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other im...

7.8

CVE-2018-15911

  • EPSS 2.7%
  • Published 28.08.2018 04:29:00
  • Last modified 21.11.2024 03:51:42

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

7.8

CVE-2018-15909

  • EPSS 2.27%
  • Published 27.08.2018 17:29:00
  • Last modified 21.11.2024 03:51:41

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

7.8

CVE-2018-15910

  • EPSS 4.83%
  • Published 27.08.2018 17:29:00
  • Last modified 21.11.2024 03:51:42

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

5.5

CVE-2016-9601

  • EPSS 0.45%
  • Published 24.04.2018 01:29:00
  • Last modified 21.11.2024 03:01:29

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an ...

5

CVE-2013-6629

  • EPSS 0.21%
  • Published 19.11.2013 04:50:56
  • Last modified 11.04.2025 00:51:21

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of s...

9.3

CVE-2012-4875

  • EPSS 9.32%
  • Published 06.09.2012 21:55:03
  • Last modified 11.04.2025 00:51:21

Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the d...