Vulnerabilities > Artifex > Ghostscript > 3.70
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-03 | CVE-2024-29506 | Out-of-bounds Write vulnerability in Artifex Ghostscript Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. | 8.8 |
| 2024-07-03 | CVE-2024-29508 | Unspecified vulnerability in Artifex Ghostscript Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | 3.3 |
| 2024-07-03 | CVE-2024-29509 | Out-of-bounds Write vulnerability in Artifex Ghostscript Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. | 8.8 |
| 2023-12-06 | CVE-2023-46751 | Use After Free vulnerability in Artifex Ghostscript An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | 7.5 |
| 2023-09-18 | CVE-2023-43115 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. | 8.8 |
| 2023-08-23 | CVE-2023-4042 | Out-of-bounds Write vulnerability in multiple products A flaw was found in ghostscript. | 5.5 |
| 2023-06-25 | CVE-2023-36664 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | 7.8 |
| 2023-03-31 | CVE-2023-28879 | Out-of-bounds Write vulnerability in multiple products In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. | 9.8 |
| 2022-08-19 | CVE-2020-27792 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. | 7.1 |
| 2022-04-25 | CVE-2019-25059 | Artifex Ghostscript through 9.26 mishandles .completefont. | 7.8 |