CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-16290 – ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16290
13 Aug 2020 — A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función jetp3852_print_page() en el archivo devices/gdev3852.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versi... • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=93cb0c0adbd9bcfefd021d59c472388f67d3300d • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-16289 – ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16289
13 Aug 2020 — A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función cif_print_page() en el archivo devices/gdevcif.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701788 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-16288 – ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16288
13 Aug 2020 — A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función pj_common_print_page() en el archivo devices/gdevpjet.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la ver... • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=aba3375ac24f8e02659d9b1eb9093909618cdb9f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-16287 – ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16287
13 Aug 2020 — A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función lprn_is_black() en el archivo contrib/lips4/gdevlprn.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versi... • https://bugs.ghostscript.com/show_bug.cgi?id=701785 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-14869 – ghostscript: -dSAFER escape in .charkeys (701841)
https://notcve.org/view.php?id=CVE-2019-14869
15 Nov 2019 — A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. Se detectó un fallo en todas las versiones de ghostscript 9.x en versiones anteriores a la 9.50, donde el ... • http://jvn.jp/en/jp/JVN52486659/index.html • CWE-648: Incorrect Use of Privileged APIs CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2019-14817 – ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)
https://notcve.org/view.php?id=CVE-2019-14817
02 Sep 2019 — A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detecto un error en ghostscript en versiones anteriores a la 9.50, en el .pdfexectoken y en otros procedimientos en los que no aseguraba adecuadamente sus llamada... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=cd1b1cacadac2479e291efe611979bdc1b3bdb19 • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2019-14813 – ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)
https://notcve.org/view.php?id=CVE-2019-14813
02 Sep 2019 — A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detectó un fallo en ghostscript, versiones 9.x versiones anteriores a la 9.50, en el procedimiento setsystemparams donde no aseguraba apropiadamente sus llamadas privile... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14812 – ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)
https://notcve.org/view.php?id=CVE-2019-14812
02 Sep 2019 — A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se encontró un fallo en todas las versiones de ghostscript 9.x anteriores a la versión 9.50, en el procedimiento .setuserparams2 donde no aseguraba apropiadamente sus ll... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 • CWE-648: Incorrect Use of Privileged APIs CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2019-14811 – ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
https://notcve.org/view.php?id=CVE-2019-14811
29 Aug 2019 — A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detecto un defecto en, ghostscript en versiones anteriores a la 9.50, en el procedimiento .pdf_hook_DSC_Creator donde no aseguró adecuadamente sus llamadas privilegi... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-10216 – ghostscript: -dSAFER escape via .buildfont1 (701394)
https://notcve.org/view.php?id=CVE-2019-10216
12 Aug 2019 — In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas. En ghostscript anterior a la versión 9.50, el procedimiento .buildfont1 no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts eludieran las restricciones `-dSAFER`. ... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19 • CWE-648: Incorrect Use of Privileged APIs •