Vulnerabilities > Artifex > Ghostscript > 5.65
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-13 | CVE-2020-16290 | Out-of-bounds Write vulnerability in multiple products A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. | 5.5 |
2020-08-13 | CVE-2020-16289 | Out-of-bounds Write vulnerability in multiple products A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. | 5.5 |
2020-08-13 | CVE-2020-16288 | Classic Buffer Overflow vulnerability in multiple products A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. | 5.5 |
2020-08-13 | CVE-2020-16287 | Out-of-bounds Write vulnerability in multiple products A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. | 5.5 |
2019-11-27 | CVE-2019-10216 | In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
2019-09-03 | CVE-2019-14817 | Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
2019-09-03 | CVE-2019-14811 | Incorrect Authorization vulnerability in multiple products A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 7.8 |
2019-05-16 | CVE-2019-3839 | It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. | 7.8 |
2019-03-25 | CVE-2019-3838 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. | 5.5 |
2019-03-25 | CVE-2019-3835 | Missing Authorization vulnerability in multiple products It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. | 5.5 |