ghostscript (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package ghostscript, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2021-3781 — CVSS 9.9 (critical): A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted…
CVE-2020-36773 — CVSS 9.8 (critical): Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a…
CVE-2020-15900 — CVSS 9.8 (critical): A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of…
CVE-2023-28879 — CVSS 9.8 (critical): In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript…
CVE-2019-14813 — CVSS 9.8 (critical): A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged…
CVE-2023-43115 — CVSS 8.8 (high): In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because…
CVE-2019-14869 — CVSS 8.8 (high): A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its…
CVE-2024-33871 — CVSS 8.8 (high): An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver…
CVE-2019-3839 — CVSS 7.8 (high): It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially…
CVE-2019-14811 — CVSS 7.8 (high): A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its…
CVE-2019-14812 — CVSS 7.8 (high): A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its…
CVE-2023-36664 — CVSS 7.8 (high): Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character…
CVE-2019-14817 — CVSS 7.8 (high): A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its…
CVE-2023-46751 — CVSS 7.5 (high): An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to…
CVE-2024-33870 — CVSS 6.3 (medium): An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary…
CVE-2024-29510 — CVSS 6.3 (medium): Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
CVE-2021-45944 — CVSS 5.5 (medium): Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVE-2019-3835 — CVSS 5.5 (medium): It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted…
CVE-2019-12973 — CVSS 5.5 (medium): In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this…
CVE-2021-45949 — CVSS 5.5 (medium): Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and…
CVE-2023-38559 — CVSS 5.5 (medium): A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to…
CVE-2023-52722 — CVSS 5.5 (medium): An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the…
CVE-2024-33869 — CVSS 5.3 (medium): An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript…
CVE-2024-29508 — CVSS 3.3 (low): Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function…