VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Artifex
>
Ghostscript
> 9.23
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2019-05-16
CVE-2019-3839
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix.
local
low complexity
artifex
debian
opensuse
fedoraproject
canonical
redhat
7.8
7.8
2019-03-25
CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27.
local
low complexity
artifex
redhat
fedoraproject
opensuse
debian
5.5
5.5
2019-03-25
CVE-2019-3835
Missing Authorization vulnerability in multiple products
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27.
local
low complexity
artifex
redhat
fedoraproject
debian
opensuse
CWE-862
5.5
5.5
2019-03-21
CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
local
low complexity
artifex
fedoraproject
canonical
debian
opensuse
redhat
7.8
7.8
2019-01-02
CVE-2018-19478
Improper Input Validation vulnerability in multiple products
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
local
low complexity
artifex
debian
CWE-20
5.5
5.5
2018-12-20
CVE-2018-19134
Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types.
local
low complexity
artifex
debian
redhat
CWE-704
7.8
7.8
2018-11-23
CVE-2018-19477
Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
local
low complexity
artifex
debian
canonical
redhat
CWE-704
7.8
7.8
2018-11-23
CVE-2018-19476
Incorrect Type Conversion or Cast vulnerability in multiple products
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
local
low complexity
artifex
debian
canonical
redhat
CWE-704
7.8
7.8
2018-11-23
CVE-2018-19475
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
local
low complexity
artifex
debian
canonical
redhat
7.8
7.8
2018-11-21
CVE-2018-19409
An issue was discovered in Artifex Ghostscript before 9.26.
network
low complexity
artifex
debian
canonical
redhat
critical
9.8
9.8
«
Previous
1
2
3
4
(current)
5
6
»
Next