Vulnerabilities > Artifex > Ghostscript > 9.01

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2019-14812 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
local
low complexity
artifex fedoraproject CWE-732
7.8
2019-11-27 CVE-2019-10216 In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
local
low complexity
artifex redhat
7.8
2019-11-15 CVE-2019-14869 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex fedoraproject opensuse CWE-732
8.8
2019-09-06 CVE-2019-14813 Incorrect Authorization vulnerability in multiple products
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
network
low complexity
artifex redhat fedoraproject opensuse debian CWE-863
critical
9.8
2019-09-03 CVE-2019-14817 Incorrect Authorization vulnerability in multiple products
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
7.8
2019-09-03 CVE-2019-14811 Incorrect Authorization vulnerability in multiple products
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
7.8
2019-05-16 CVE-2019-3839 It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. 7.8
2019-03-25 CVE-2019-3838 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27.
local
low complexity
artifex redhat fedoraproject opensuse debian
5.5
2019-03-25 CVE-2019-3835 Missing Authorization vulnerability in multiple products
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27.
5.5
2019-03-21 CVE-2019-6116 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. 7.8