Latest Ghostscript Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-10-27 CVE-2010-4820 Code Injection vulnerability in Ghostscript 8.62
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
4.4
2012-09-18 CVE-2012-4405 Numeric Errors vulnerability in multiple products
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow.
6.8
2009-12-21 CVE-2009-4270 Buffer Errors vulnerability in Ghostscript 8.64/8.70
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
network
ghostscript CWE-119
critical
9.3
2009-04-16 CVE-2009-0196 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ghostscript
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
network
ghostscript CWE-119
critical
9.3
2009-04-14 CVE-2009-0792 Numeric Errors vulnerability in multiple products
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
9.3
2009-04-08 CVE-2007-6725 Buffer Errors vulnerability in Ghostscript 8.61
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
network
low complexity
ghostscript CWE-119
7.5
2009-04-08 CVE-2008-6679 Buffer Errors vulnerability in Ghostscript 8.62
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
network
low complexity
ghostscript CWE-119
5.0
2009-03-23 CVE-2009-0583 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
9.3
2009-03-23 CVE-2009-0584 Numeric Errors vulnerability in multiple products
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
9.3
2008-02-28 CVE-2008-0411 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ghostscript 0/8.0.1/8.15
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
6.8