Vulnerabilities > Artifex > GPL Ghostscript > 2.7.1

DATE CVE VULNERABILITY TITLE RISK
2018-10-19 CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
local
low complexity
artifex debian canonical redhat pulsesecure
8.6
2018-09-05 CVE-2018-16513 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
local
low complexity
artifex debian canonical pulsesecure CWE-704
7.8
2018-09-05 CVE-2018-16510 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Artifex Ghostscript before 9.24.
local
low complexity
artifex canonical CWE-119
7.8
2018-09-05 CVE-2018-16509 An issue was discovered in Artifex Ghostscript before 9.24.
local
low complexity
debian artifex canonical redhat
7.8
2018-08-28 CVE-2018-15911 Use of Uninitialized Resource vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15910 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
7.8
2018-08-27 CVE-2018-15909 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
7.8
2018-04-24 CVE-2016-9601 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image.
local
low complexity
artifex debian CWE-119
5.5
2010-08-26 CVE-2009-3743 Numeric Errors vulnerability in Artifex products
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.
network
artifex CWE-189
critical
9.3
2010-07-22 CVE-2010-2055 Code vulnerability in Artifex products
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.
local
low complexity
artifex CWE-17
7.2