CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28879 – ghostscript: buffer overflow in base/sbcp.c leading to data corruption
https://notcve.org/view.php?id=CVE-2023-28879
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. En Artifex Ghostscript hasta la versión 10.01.0, hay un desbordamiento de búfer que puede corromper los datos internos del intérprete PostScript, en base/sbcp.c. Esto afecta a BCPEncode, BCPDecode, TBCPEncode y TBCPDecode. • http://www.openwall.com/lists/oss-security/2023/04/12/4 https://bugs.ghostscript.com/show_bug.cgi?id=706494 https://ghostscript.readthedocs.io/en/latest/News.html https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=37ed5022cecd584de868933b5b60da2e995b3179 https://lists.debian.org/debian-lts-announce/2023/04/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CI6UCKM3XMK7PYNIRGAVDJ5VKN6XYZOE https://lists.fedoraproject.org/archives/list/package-announce& • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45944
https://notcve.org/view.php?id=CVE-2021-45944
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 hasta 9.53.3, presenta un uso de memoria previamente liberada en la función sampled_data_sample (llamado desde sampled_data_continue e interp). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml https://github.com/google/oss-fuzz-vulns/issues/16 https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html https://www.debian.org/security/2022/dsa-5038 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45949
https://notcve.org/view.php?id=CVE-2021-45949
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 a 9.54.0, presenta un desbordamiento de búfer en la región heap de la memoria en la función sampled_data_finish (llamado desde sampled_data_continue e interp). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=2a3129365d3bc0d4a41f107ef175920d1505d1f7 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html https://www.debian.org/security/2022/dsa-5038 • CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3781
https://notcve.org/view.php?id=CVE-2021-3781
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escape trivial del sandbox (habilitado con la opción "-dSAFER") en el intérprete de ghostscript al inyectar un comando de tubería especialmente diseñado. Este fallo permite que un documento especialmente diseñado ejecute comandos arbitrarios en el sistema en el contexto del intérprete ghostscript. • https://bugzilla.redhat.com/show_bug.cgi?id=2002271 https://ghostscript.com/CVE-2021-3781.html https://security.gentoo.org/glsa/202211-11 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-16308 – ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16308
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función p_print_image() en el archivo devices/gdevcdj.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701829 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=af004276fd8f6c305727183c159b83021020f7d6 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16308 https://bugzilla.redhat.com/show_bug.cgi?id=1870256 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •