Vulnerabilities > Artifex > GPL Ghostscript > 8.61

DATE CVE VULNERABILITY TITLE RISK
2018-10-19 CVE-2018-18284 Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
local
low complexity
artifex debian canonical redhat pulsesecure
8.6
2018-09-05 CVE-2018-16513 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
local
low complexity
artifex debian canonical pulsesecure CWE-704
7.8
2018-09-05 CVE-2018-16510 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Artifex Ghostscript before 9.24.
local
low complexity
artifex canonical CWE-119
7.8
2018-09-05 CVE-2018-16509 An issue was discovered in Artifex Ghostscript before 9.24.
local
low complexity
debian artifex canonical redhat
7.8
2018-08-28 CVE-2018-15911 Use of Uninitialized Resource vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
7.8
2018-08-27 CVE-2018-15910 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
7.8
2018-08-27 CVE-2018-15909 Incorrect Type Conversion or Cast vulnerability in multiple products
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
7.8
2018-04-24 CVE-2016-9601 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image.
local
low complexity
artifex debian CWE-119
5.5
2010-10-23 CVE-2010-4054 Buffer Errors vulnerability in Artifex products
The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.
network
artifex CWE-119
4.3
2010-08-26 CVE-2009-3743 Numeric Errors vulnerability in Artifex products
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.
network
artifex CWE-189
critical
9.3