Vulnerabilities > Artifex > Ghostscript > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-04 | CVE-2020-36773 | Use After Free vulnerability in Artifex Ghostscript Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | 9.8 |
| 2023-03-31 | CVE-2023-28879 | Out-of-bounds Write vulnerability in multiple products In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. | 9.8 |
| 2022-02-16 | CVE-2021-3781 | OS Command Injection vulnerability in multiple products A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. | 9.9 |
| 2020-07-28 | CVE-2020-15900 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. | 9.8 |
| 2019-09-06 | CVE-2019-14813 | Incorrect Authorization vulnerability in multiple products A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. | 9.8 |
| 2018-11-21 | CVE-2018-19409 | An issue was discovered in Artifex Ghostscript before 9.26. | 9.8 |
| 2017-05-23 | CVE-2016-7978 | Use After Free vulnerability in Artifex Ghostscript 9.20 Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | 9.8 |
| 2017-05-23 | CVE-2016-7979 | Incorrect Type Conversion or Cast vulnerability in Artifex Ghostscript Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | 9.8 |