Every CVE whose affected-product data names Artifex Ghostscript, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (129)
CVE-2021-3781 — CVSS 9.9 (critical): A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted…
CVE-2016-7978 — CVSS 9.8 (critical): Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference…
CVE-2020-36773 — CVSS 9.8 (critical): Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a…
CVE-2025-27836 — CVSS 9.8 (critical): An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
CVE-2025-27831 — CVSS 9.8 (critical): An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters…
CVE-2019-14813 — CVSS 9.8 (critical): A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged…
CVE-2025-27832 — CVSS 9.8 (critical): An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnp…
CVE-2018-19409 — CVSS 9.8 (critical): An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
CVE-2023-28879 — CVSS 9.8 (critical): In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript…
CVE-2016-7979 — CVSS 9.8 (critical): Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code…
CVE-2025-27837 — CVSS 9.8 (critical): An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid…
CVE-2020-15900 — CVSS 9.8 (critical): A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of…
CVE-2023-43115 — CVSS 8.8 (high): In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because…
CVE-2024-29506 — CVSS 8.8 (high): Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
CVE-2024-29509 — CVSS 8.8 (high): Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
CVE-2019-14869 — CVSS 8.8 (high): A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its…
CVE-2016-7976 — CVSS 8.8 (high): The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
CVE-2024-33871 — CVSS 8.8 (high): An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver…
CVE-2018-17961 — CVSS 8.6 (high): Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup…
CVE-2018-18284 — CVSS 8.6 (high): Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2024-46951 — CVSS 7.8 (high): An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space…
CVE-2024-46952 — CVSS 7.8 (high): An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef…
CVE-2024-46953 — CVSS 7.8 (high): An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format…
CVE-2024-46954 — CVSS 7.8 (high): An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible…
CVE-2019-14811 — CVSS 7.8 (high): A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its…
CVE-2024-46956 — CVSS 7.8 (high): An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to…
CVE-2025-27830 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for…
CVE-2018-16510 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used…
CVE-2018-16513 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function…
CVE-2016-8602 — CVSS 7.8 (high): The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application…
CVE-2018-16540 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a…
CVE-2017-11714 — CVSS 7.8 (high): psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a…
CVE-2020-16303 — CVSS 7.8 (high): A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2018-16543 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
CVE-2018-16585 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not…
CVE-2018-16802 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during…
CVE-2018-17183 — CVSS 7.8 (high): Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply…
CVE-2020-21890 — CVSS 7.8 (high): Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause…
CVE-2018-19134 — CVSS 7.8 (high): In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript…
CVE-2018-19475 — CVSS 7.8 (high): psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack…
CVE-2023-36664 — CVSS 7.8 (high): Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character…
CVE-2018-19476 — CVSS 7.8 (high): psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace…
CVE-2018-19477 — CVSS 7.8 (high): psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode…
CVE-2016-10317 — CVSS 7.8 (high): The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a…
CVE-2019-10216 — CVSS 7.8 (high): In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass…
CVE-2025-27835 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
CVE-2025-27834 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document…
CVE-2018-10194 — CVSS 7.8 (high): The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent…
CVE-2018-15908 — CVSS 7.8 (high): In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and…
CVE-2018-15909 — CVSS 7.8 (high): In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply…
CVE-2018-15910 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams…
CVE-2018-15911 — CVSS 7.8 (high): In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the…
CVE-2018-16509 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess…
CVE-2018-16511 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply…
CVE-2025-27833 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.
CVE-2019-14812 — CVSS 7.8 (high): A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its…
CVE-2019-14817 — CVSS 7.8 (high): A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its…
CVE-2019-25059 — CVSS 7.8 (high): Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.
CVE-2017-7948 — CVSS 7.8 (high): Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2019-3839 — CVSS 7.8 (high): It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially…
CVE-2019-6116 — CVSS 7.8 (high): In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code…
CVE-2017-9611 — CVSS 7.8 (high): The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service…
CVE-2017-9835 — CVSS 7.8 (high): The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service…
CVE-2024-29511 — CVSS 7.5 (high): Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and…
CVE-2023-46751 — CVSS 7.5 (high): An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to…
CVE-2018-16863 — CVSS 7.3 (high): It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and…
CVE-2020-27792 — CVSS 7.1 (high): A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw…
CVE-2024-33870 — CVSS 6.3 (medium): An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary…
CVE-2024-29510 — CVSS 6.3 (medium): Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
CVE-2018-18073 — CVSS 6.3 (medium): Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved…
CVE-2023-38560 — CVSS 5.5 (medium): An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a…
CVE-2016-10218 — CVSS 5.5 (medium): The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20…
CVE-2016-10219 — CVSS 5.5 (medium): The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service…
CVE-2016-10220 — CVSS 5.5 (medium): The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial…
CVE-2016-7977 — CVSS 5.5 (medium): Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files…
CVE-2017-15652 — CVSS 5.5 (medium): Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source…
CVE-2017-5951 — CVSS 5.5 (medium): The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial…
CVE-2017-7207 — CVSS 5.5 (medium): The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL…
CVE-2017-8908 — CVSS 5.5 (medium): The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds…
CVE-2018-16539 — CVSS 5.5 (medium): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file…
CVE-2018-16541 — CVSS 5.5 (medium): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice…
CVE-2018-16542 — CVSS 5.5 (medium): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size…
CVE-2018-19478 — CVSS 5.5 (medium): In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
CVE-2019-3835 — CVSS 5.5 (medium): It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted…
CVE-2019-3838 — CVSS 5.5 (medium): It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted…
CVE-2020-14373 — CVSS 5.5 (medium): A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted…
CVE-2020-16287 — CVSS 5.5 (medium): A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16288 — CVSS 5.5 (medium): A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16289 — CVSS 5.5 (medium): A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to…
CVE-2020-16290 — CVSS 5.5 (medium): A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16291 — CVSS 5.5 (medium): A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a…
CVE-2020-16292 — CVSS 5.5 (medium): A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16293 — CVSS 5.5 (medium): A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex…
CVE-2020-16294 — CVSS 5.5 (medium): A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker…
CVE-2020-16295 — CVSS 5.5 (medium): A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16296 — CVSS 5.5 (medium): A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows…
CVE-2020-16297 — CVSS 5.5 (medium): A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a…
CVE-2020-16298 — CVSS 5.5 (medium): A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16299 — CVSS 5.5 (medium): A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16300 — CVSS 5.5 (medium): A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker…
CVE-2020-16301 — CVSS 5.5 (medium): A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16302 — CVSS 5.5 (medium): A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16304 — CVSS 5.5 (medium): A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a…
CVE-2020-16305 — CVSS 5.5 (medium): A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16306 — CVSS 5.5 (medium): A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a…
CVE-2020-16307 — CVSS 5.5 (medium): A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a…
CVE-2020-16308 — CVSS 5.5 (medium): A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to…
CVE-2020-16309 — CVSS 5.5 (medium): A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote…
CVE-2020-16310 — CVSS 5.5 (medium): A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker…
CVE-2020-17538 — CVSS 5.5 (medium): A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows…
CVE-2020-21710 — CVSS 5.5 (medium): A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a…
CVE-2021-45944 — CVSS 5.5 (medium): Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVE-2021-45949 — CVSS 5.5 (medium): Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and…
CVE-2022-2085 — CVSS 5.5 (medium): A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory…
CVE-2023-38559 — CVSS 5.5 (medium): A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to…
CVE-2016-10217 — CVSS 5.5 (medium): The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service…
CVE-2023-4042 — CVSS 5.5 (medium): A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed…
CVE-2023-52722 — CVSS 5.5 (medium): An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the…
CVE-2024-46955 — CVSS 5.5 (medium): An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed…
CVE-2024-29507 — CVSS 5.4 (medium): Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
CVE-2018-11645 — CVSS 5.3 (medium): psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to…
CVE-2024-33869 — CVSS 5.3 (medium): An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript…
CVE-2025-46646 — CVSS 4.5 (medium): In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of…
CVE-2025-59798 — CVSS 4.3 (medium): Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
CVE-2025-59799 — CVSS 4.3 (medium): Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size…
CVE-2025-59800 — CVSS 4.3 (medium): In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer…
CVE-2025-48708 — CVSS 4.0 (medium): gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A…
CVE-2024-29508 — CVSS 3.3 (low): Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function…