Artifex Ghostscript
23 CVEs affecting Artifex Ghostscript. Latest disclosed: 2025-09-22. Critical: 2, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-7979 | Critical | 9.8 | 2017-05-23 | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type c… |
| CVE-2016-7978 | Critical | 9.8 | 2017-05-23 | Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. |
| CVE-2016-7976 | High | 8.8 | 2017-08-07 | The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. |
| CVE-2017-11714 | High | 7.8 | 2017-07-28 | psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (appl… |
| CVE-2017-9835 | High | 7.8 | 2017-07-26 | The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow an… |
| CVE-2017-9611 | High | 7.8 | 2017-07-26 | The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read… |
| CVE-2017-7948 | High | 7.8 | 2017-04-19 | Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and applicati… |
| CVE-2016-8602 | High | 7.8 | 2017-04-14 | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execut… |
| CVE-2016-10317 | High | 7.8 | 2017-04-03 | The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap… |
| CVE-2018-16863 | High | 7.3 | 2018-12-03 | It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protec… |
| CVE-2016-7977 | Medium | 5.5 | 2017-05-23 | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .li… |
| CVE-2017-8908 | Medium | 5.5 | 2017-05-12 | The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted Post… |
| CVE-2017-5951 | Medium | 5.5 | 2017-04-03 | The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL poi… |
| CVE-2016-10220 | Medium | 5.5 | 2017-04-03 | The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL po… |
| CVE-2016-10219 | Medium | 5.5 | 2017-04-03 | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error a… |
| CVE-2016-10218 | Medium | 5.5 | 2017-04-03 | The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers t… |
| CVE-2016-10217 | Medium | 5.5 | 2017-04-03 | The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and a… |
| CVE-2017-7207 | Medium | 5.5 | 2017-03-21 | The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference)… |
| CVE-2025-46646 | Medium | 4.5 | 2025-04-26 | In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix f… |
| CVE-2025-59800 | Medium | 4.3 | 2025-09-22 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8. |