CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 0CVE-2024-29509 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29509
03 Jul 2024 — Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-29507 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29507
03 Jul 2024 — Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-29506 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29506
03 Jul 2024 — Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-29508 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29508
03 Jul 2024 — Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Thomas Rinsma discovered that Ghostscript did not c... • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-29511 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29511
03 Jul 2024 — Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd. Artifex Ghostscript anterior a 10.03.1, cuando se usa Tesseract para OCR, tiene un problema de directory traversal que permite la lectura de archivos arbitrarios (y la escritura de mensajes de error en archivos arbitrar... • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-489: Active Debug Code •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2024-33871 – ghostscript: OPVP device arbitrary code execution via custom Driver library
https://notcve.org/view.php?id=CVE-2024-33871
16 May 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. Se descubrió un problema en Artifex Ghostscript antes de la versión 10.03.1. contrib/opvp/gdevopvp.c permite la ejecución de código arbitrario a través de una librería d... • https://bugs.ghostscript.com/show_bug.cgi?id=707754 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 8%CPEs: 26EXPL: 2CVE-2024-29510 – Ghostscript Command Execution via Format String
https://notcve.org/view.php?id=CVE-2024-29510
16 May 2024 — Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Artifex Ghostscript anterior a 10.03.1 permite la corrupción de la memoria y una omisión MÁS SEGURA de la sandbox mediante la inyección de cadena de formato con un dispositivo uniprint. A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands a... • https://packetstorm.news/files/id/179645 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-36773
https://notcve.org/view.php?id=CVE-2020-36773
04 Feb 2024 — Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). Artifex Ghostscript anterior a 9.53.0 tiene una escritura y un use-after-free fuera de los límites en devices/vector/gdevtxtw.c (para txtwrite) porque un código de un solo carácter en un documento PDF se puede asignar a más de un punto de código Unicode. (por ejemplo, p... • https://bugs.ghostscript.com/show_bug.cgi?id=702229 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46751 – ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
https://notcve.org/view.php?id=CVE-2023-46751
06 Dec 2023 — An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. Se descubrió un problema en la función gdev_prn_open_printer_seekable() en Artifex Ghostscript hasta la versión 10.02.0 que permite a atacantes remotos bloquear la aplicación mediante un puntero colgante. A flaw was found in Ghostscript. A remote attacker may use a specially crafted payload to trigger access to previously fre... • https://bugs.ghostscript.com/show_bug.cgi?id=707264 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 21%CPEs: 3EXPL: 1CVE-2023-43115 – Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documents
https://notcve.org/view.php?id=CVE-2023-43115
18 Sep 2023 — In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecución remota de código a ... • https://github.com/jostaub/ghostscript-CVE-2023-43115 • CWE-94: Improper Control of Generation of Code ('Code Injection') •