ghostscript-library (SUSE:Linux Enterprise Server 11 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP4 package ghostscript-library, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2016-7979 — CVSS 9.8 (critical): Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code…
CVE-2018-16509 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess…
CVE-2018-16511 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply…
CVE-2018-16513 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function…
CVE-2016-8602 — CVSS 7.8 (high): The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application…
CVE-2018-16540 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a…
CVE-2017-11714 — CVSS 7.8 (high): psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a…
CVE-2018-10194 — CVSS 7.8 (high): The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent…
CVE-2017-9835 — CVSS 7.8 (high): The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service…
CVE-2018-15910 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams…
CVE-2017-9611 — CVSS 7.8 (high): The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service…
CVE-2017-9612 — CVSS 7.8 (high): The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service…
CVE-2017-9726 — CVSS 7.8 (high): The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service…
CVE-2017-9727 — CVSS 7.8 (high): The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service…
CVE-2017-9739 — CVSS 7.8 (high): The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service…
CVE-2015-3228 — CVSS 6.8 (medium): Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a…
CVE-2017-9216 — CVSS 6.5 (medium): libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function…
CVE-2018-16542 — CVSS 5.5 (medium): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size…
CVE-2016-10219 — CVSS 5.5 (medium): The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service…
CVE-2016-7977 — CVSS 5.5 (medium): Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files…
CVE-2017-7207 — CVSS 5.5 (medium): The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL…
CVE-2013-5653 — CVSS 5.5 (medium): The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a…
CVE-2018-16541 — CVSS 5.5 (medium): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice…
CVE-2016-9601 — CVSS 5.3 (medium): ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_imag…