CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-31794
https://notcve.org/view.php?id=CVE-2023-31794
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Se descubrió que MuPDF v1.21.1 contiene una recursividad infinita en el componente pdf_mark_list_push. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de un archivo PDF manipulado. • https://bugs.ghostscript.com/show_bug.cgi?id=706506 https://gist.github.com/spookhorror/c770d118767b1b0d89fdfe2845169d06 https://git.ghostscript.com/?p=mupdf.git%3Bh=c0015401693b58e2deb5d75c39f27bc1216e47c6 • CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-43115 – Ghostscript: GhostPDL can lead to remote code execution via crafted PostScript documents
https://notcve.org/view.php?id=CVE-2023-43115
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecución remota de código a través de documentos PostScript manipulados porque pueden cambiar al dispositivo IJS, o cambiar el parámetro IjsServer, después de que se haya activado SAFER. NOTA: es un riesgo documentado que el servidor IJS se pueda especificar en una línea de comandos gs (el dispositivo IJS debe ejecutar inherentemente un comando para iniciar el servidor IJS). A vulnerability was found in Artifex Ghostscript in gdevijs.c, allows a malicious remote attacker to perform remote code execution via crafted PostScript documents. • https://github.com/jostaub/ghostscript-CVE-2023-43115 https://bugs.ghostscript.com/show_bug.cgi?id=707051 https://ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5 https://access.redhat.com/security/cve/CVE-2023-43115 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-4042 – Ghostscript: incomplete fix for cve-2020-16305
https://notcve.org/view.php?id=CVE-2023-4042
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. • https://access.redhat.com/errata/RHSA-2023:7053 https://access.redhat.com/security/cve/CVE-2023-4042 https://bugzilla.redhat.com/show_bug.cgi?id=1870257 https://bugzilla.redhat.com/show_bug.cgi?id=2228151 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21890
https://notcve.org/view.php?id=CVE-2020-21890
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. • https://bugs.ghostscript.com/show_bug.cgi?id=701846 https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-21710 – ghostscript: Divide by zero in eps_print_page in gdevepsn.c
https://notcve.org/view.php?id=CVE-2020-21710
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. GhostScript is vulnerable to divide by zero issue in function eps_print_page in gdevepsn.c allows remote attacker to cause a denial of service via crafted PDF file. • https://bugs.ghostscript.com/show_bug.cgi?id=701843 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=4e713293de84b689c4ab358f3e110ea54aa81925 https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html https://access.redhat.com/security/cve/CVE-2020-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2235001 • CWE-369: Divide By Zero •