Vulnerabilities > Artifex > Ghostscript > 9.07
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-27 | CVE-2017-8291 | Type Confusion vulnerability in multiple products Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. | 7.8 |
2017-04-14 | CVE-2016-8602 | Incorrect Type Conversion or Cast vulnerability in Artifex Ghostscript The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | 7.8 |