Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Artifex Subscribe
Filtered by product Ghostscript

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15900 3 Artifex, Canonical, Opensuse 3 Ghostscript, Ubuntu Linux, Leap 2022-04-27 7.5 HIGH 9.8 CRITICAL
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVE-2021-3781 2 Artifex, Fedoraproject 2 Ghostscript, Fedora 2022-02-28 9.3 HIGH 9.9 CRITICAL
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2019-14813 5 Artifex, Debian, Fedoraproject and 2 more 12 Ghostscript, Debian Linux, Fedora and 9 more 2020-10-16 7.5 HIGH 9.8 CRITICAL
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVE-2018-19409 4 Artifex, Canonical, Debian and 1 more 8 Ghostscript, Ubuntu Linux, Debian Linux and 5 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2016-7978 1 Artifex 1 Ghostscript 2018-01-05 7.5 HIGH 9.8 CRITICAL
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVE-2016-7979 1 Artifex 1 Ghostscript 2018-01-05 7.5 HIGH 9.8 CRITICAL
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.