Artifex Gpl Ghostscript — known CVE vulnerabilities
Every CVE whose affected-product data names Artifex Gpl Ghostscript, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2012-4875 — CVSS 9.3 (critical): Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote…
CVE-2009-4897 — CVSS 9.3 (critical): Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2010-1628 — CVSS 9.3 (critical): Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file…
CVE-2010-1869 — CVSS 9.3 (critical): Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary…
CVE-2009-3743 — CVSS 9.3 (critical): Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to…
CVE-2018-18284 — CVSS 8.6 (high): Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
CVE-2018-16509 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess…
CVE-2018-16513 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function…
CVE-2018-16510 — CVSS 7.8 (high): An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used…
CVE-2018-15909 — CVSS 7.8 (high): In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply…
CVE-2018-15910 — CVSS 7.8 (high): In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams…
CVE-2018-15911 — CVSS 7.8 (high): In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the…
CVE-2010-2055 — CVSS 7.2 (high): Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary…
CVE-2016-9601 — CVSS 5.3 (medium): ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_imag…
CVE-2013-6629 — CVSS 5.0 (medium): The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48…
CVE-2010-4054 — CVSS 4.3 (medium): The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and…