This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Artifex First view 2017-03-21
Product Ghostscript Last view 2020-09-03
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:* 48
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:* 40
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:* 40
cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:* 40
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:* 40
cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* 39
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:* 35
cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:* 33
cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:* 26
cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:* 19
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:* 17
cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:* 9
cpe:2.3:a:artifex:ghostscript:9.27:*:*:*:*:*:*:* 5
cpe:2.3:a:artifex:ghostscript:9.28:*:*:*:*:*:*:* 4
cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:* 1

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2020-09-03 CVE-2020-14373

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.

5.5 2020-08-13 CVE-2020-17538

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16310

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16309

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16308

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16307

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16306

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16305

A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16304

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.

7.8 2020-08-13 CVE-2020-16303

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16302

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16301

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16300

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16299

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16298

A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16297

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16296

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16295

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16294

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16293

A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16292

A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16291

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16290

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16289

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

5.5 2020-08-13 CVE-2020-16288

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.

CWE : Common Weakness Enumeration

%idName
19% (14) CWE-787 Out-of-bounds Write
13% (10) CWE-704 Incorrect Type Conversion or Cast
11% (8) CWE-476 NULL Pointer Dereference
8% (6) CWE-416 Use After Free
6% (5) CWE-200 Information Exposure
6% (5) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
6% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (3) CWE-369 Divide By Zero
4% (3) CWE-264 Permissions, Privileges, and Access Controls
4% (3) CWE-125 Out-of-bounds Read
2% (2) CWE-284 Access Control (Authorization) Issues
2% (2) CWE-269 Improper Privilege Management
2% (2) CWE-190 Integer Overflow or Wraparound
2% (2) CWE-20 Improper Input Validation
1% (1) CWE-209 Information Exposure Through an Error Message
1% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Snort® IPS/IDS

Date Description
2019-11-19 Ghostscript -dSAFER sandbox bypass attempt
RuleID : 51945 - Type : FILE-OTHER - Revision : 1
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49086 - Type : FILE-OTHER - Revision : 1
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49085 - Type : FILE-OTHER - Revision : 1
2018-10-25 Ghostscript -dSAFER sandbox bypass attempt
RuleID : 47882 - Type : FILE-OTHER - Revision : 1
2018-02-27 Ghostscript eqproc type confusion attempt
RuleID : 45536 - Type : FILE-OTHER - Revision : 2
2018-02-27 Ghostscript eqproc type confusion attempt
RuleID : 45535 - Type : FILE-OTHER - Revision : 2
2018-02-27 Ghostscript rsdparams type confusion attempt
RuleID : 45534 - Type : FILE-OTHER - Revision : 2
2018-02-27 Ghostscript rsdparams type confusion attempt
RuleID : 45533 - Type : FILE-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1004.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-07083800ac.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-56221eb24b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-81ee973d7c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8359498f3c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c39ae23dc8.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1412.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1430.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1620.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1137.nasl - Type: ACT_GATHER_INFO
2018-12-19 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3834.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3650.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3761.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1404.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3760.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1598.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4346.nasl - Type: ACT_GATHER_INFO
2018-11-28 Name: The remote Windows host contains a library that is affected by multiple vulne...
File: ghostscript_9_26.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-12.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2018-2918.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4336.nasl - Type: ACT_GATHER_INFO
2018-10-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1552.nasl - Type: ACT_GATHER_INFO
2018-10-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2918.nasl - Type: ACT_GATHER_INFO
2018-10-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1088.nasl - Type: ACT_GATHER_INFO
2018-10-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1527.nasl - Type: ACT_GATHER_INFO