Artifex Gpl_ghostscript
16 CVEs affecting Artifex Gpl_ghostscript. Latest disclosed: 2018-10-19. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-18284 | High | 8.6 | 2018-10-19 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. |
CVE-2018-16513 | High | 7.8 | 2018-09-05 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpre… |
CVE-2018-16510 | High | 7.8 | 2018-09-05 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers… |
CVE-2018-16509 | High | 7.8 | 2018-09-05 | An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be… |
CVE-2018-15911 | High | 7.8 | 2018-08-28 | In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to c… |
CVE-2018-15910 | High | 7.8 | 2018-08-27 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash… |
CVE-2018-15909 | High | 7.8 | 2018-08-27 | In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files t… |
CVE-2016-9601 | Medium | 5.3 | 2018-04-24 | ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is… |
CVE-2013-6629 | | 2013-11-19 | The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other… | |
CVE-2012-4875 | | 2012-09-06 | Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute… | |
CVE-2010-4054 | | 2010-10-23 | The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via c… | |
CVE-2009-3743 | | 2010-08-26 | Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code o… | |
CVE-2010-2055 | | 2010-07-22 | Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands v… | |
CVE-2009-4897 | | 2010-07-22 | Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corrup… | |
CVE-2010-1628 | | 2010-05-19 | Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited rec… | |
CVE-2010-1869 | | 2010-05-12 | Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted Post… |