This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Artifex First view 2017-03-21
Product Ghostscript Last view 2025-05-23
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:* 104
cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:* 96
cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:* 96
cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:* 96
cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:* 95
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* 95
cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:* 91
cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:* 73
cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:* 65
cpe:2.3:a:artifex:ghostscript:9.51:*:*:*:*:*:*:* 52
cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:* 37
cpe:2.3:a:artifex:ghostscript:9.53.3:*:*:*:*:*:*:* 34
cpe:2.3:a:artifex:ghostscript:9.53.0:rc2:*:*:*:*:*:* 34
cpe:2.3:a:artifex:ghostscript:9.53.0:rc1:*:*:*:*:*:* 34
cpe:2.3:a:artifex:ghostscript:9.52.1:*:*:*:*:*:*:* 34
cpe:2.3:a:artifex:ghostscript:9.54.0:*:*:*:*:*:*:* 33
cpe:2.3:a:artifex:ghostscript:9.55.0:*:*:*:*:*:*:* 32

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
3.3 2025-05-23 CVE-2025-48708

gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.

0 2025-04-26 CVE-2025-46646

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

0 2025-03-25 CVE-2025-27837

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

0 2025-03-25 CVE-2025-27836

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.

0 2025-03-25 CVE-2025-27835

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.

0 2025-03-25 CVE-2025-27834

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.

0 2025-03-25 CVE-2025-27833

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdf_fmap.c.

0 2025-03-25 CVE-2025-27832

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.

0 2025-03-25 CVE-2025-27831

An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.

0 2025-03-25 CVE-2025-27830

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.

7.8 2024-11-10 CVE-2024-46956

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.

5.5 2024-11-10 CVE-2024-46955

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.

7.8 2024-11-10 CVE-2024-46954

An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.

7.8 2024-11-10 CVE-2024-46953

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.

7.8 2024-11-10 CVE-2024-46952

An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).

7.8 2024-11-10 CVE-2024-46951

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.

0 2024-07-03 CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.

0 2024-07-03 CVE-2024-33870

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.

0 2024-07-03 CVE-2024-33869

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.

0 2024-07-03 CVE-2024-29511

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.

0 2024-07-03 CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.

8.8 2024-07-03 CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.

3.3 2024-07-03 CVE-2024-29508

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

0 2024-07-03 CVE-2024-29507

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.

8.8 2024-07-03 CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.

CWE : Common Weakness Enumeration

%idName
25% (22) CWE-787 Out-of-bounds Write
10% (9) CWE-704 Incorrect Type Conversion or Cast
10% (9) CWE-476 NULL Pointer Dereference
10% (9) CWE-416 Use After Free
8% (7) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (5) CWE-200 Information Exposure
5% (5) CWE-125 Out-of-bounds Read
5% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
4% (4) CWE-369 Divide By Zero
4% (4) CWE-190 Integer Overflow or Wraparound
2% (2) CWE-732 Incorrect Permission Assignment for Critical Resource
2% (2) CWE-20 Improper Input Validation
1% (1) CWE-209 Information Exposure Through an Error Message
1% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
1% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
1% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

Snort® IPS/IDS

Date Description
2019-11-19 Ghostscript -dSAFER sandbox bypass attempt
RuleID : 51945 - Type : FILE-OTHER - Revision : 1
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49086 - Type : FILE-OTHER - Revision : 1
2019-03-05 Ghostscript PostScript remote code execution attempt
RuleID : 49085 - Type : FILE-OTHER - Revision : 1
2018-10-25 Ghostscript -dSAFER sandbox bypass attempt
RuleID : 47882 - Type : FILE-OTHER - Revision : 1
2018-02-27 Ghostscript eqproc type confusion attempt
RuleID : 45536 - Type : FILE-OTHER - Revision : 2
2018-02-27 Ghostscript eqproc type confusion attempt
RuleID : 45535 - Type : FILE-OTHER - Revision : 2
2018-02-27 Ghostscript rsdparams type confusion attempt
RuleID : 45534 - Type : FILE-OTHER - Revision : 2
2018-02-27 Ghostscript rsdparams type confusion attempt
RuleID : 45533 - Type : FILE-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-08 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2019-1004.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-07083800ac.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-56221eb24b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-81ee973d7c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-8359498f3c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c39ae23dc8.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1412.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1430.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote Debian host is missing a security update.
File: debian_DLA-1620.nasl - Type: ACT_GATHER_INFO
2018-12-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1137.nasl - Type: ACT_GATHER_INFO
2018-12-19 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3834.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3650.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3761.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1404.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3760.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Debian host is missing a security update.
File: debian_DLA-1598.nasl - Type: ACT_GATHER_INFO
2018-11-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4346.nasl - Type: ACT_GATHER_INFO
2018-11-28 Name: The remote Windows host contains a library that is affected by multiple vulne...
File: ghostscript_9_26.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-12.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2018-2918.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4336.nasl - Type: ACT_GATHER_INFO
2018-10-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1552.nasl - Type: ACT_GATHER_INFO
2018-10-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2918.nasl - Type: ACT_GATHER_INFO
2018-10-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1088.nasl - Type: ACT_GATHER_INFO
2018-10-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1527.nasl - Type: ACT_GATHER_INFO