Vulnerabilities > Artifex > Ghostscript > 3.63
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-05 | CVE-2018-16510 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Artifex Ghostscript before 9.24. | 7.8 |
| 2018-09-05 | CVE-2018-16509 | An issue was discovered in Artifex Ghostscript before 9.24. | 7.8 |
| 2018-08-28 | CVE-2018-15911 | Use of Uninitialized Resource vulnerability in multiple products In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code. | 7.8 |
| 2018-08-27 | CVE-2018-15910 | Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. | 7.8 |
| 2018-08-27 | CVE-2018-15909 | Incorrect Type Conversion or Cast vulnerability in multiple products In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. | 7.8 |
| 2018-08-27 | CVE-2018-15908 | In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. | 7.8 |
| 2018-06-01 | CVE-2018-11645 | Information Exposure vulnerability in Artifex Ghostscript psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977. | 5.3 |
| 2018-04-18 | CVE-2018-10194 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | 7.8 |
| 2017-05-23 | CVE-2016-7979 | Incorrect Type Conversion or Cast vulnerability in Artifex Ghostscript Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | 9.8 |
| 2017-05-23 | CVE-2016-7977 | Information Exposure vulnerability in Artifex Ghostscript Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. | 5.5 |