CVSS: 7.8EPSS: 7%CPEs: 1EXPL: 0CVE-2016-8602 – ghostscript: check for sufficient params in .sethalftone5
https://notcve.org/view.php?id=CVE-2016-8602
02 Dec 2016 — The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. La función .sethalftone5 en psi/zht2.c en Ghostscript en versiones anteriores a 9.21 permite a los atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un documento Pos... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=f5c7555c303 • CWE-20: Improper Input Validation CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7977 – ghostscript: .libfile does not honor -dSAFER
https://notcve.org/view.php?id=CVE-2016-7977
02 Dec 2016 — Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. Ghostscript anterior a la versión 9.21 podría permitir que los atacantes remotos eludieran el mecanismo de protección del modo SAFER y, en consecuencia, leyeran archivos arbitrarios mediante el uso del operador .libfile en un documento Postscript manipulado. It was found that ghostscript function .libfi... • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2010-4820 – ghostscript: CWD included in the default library search path
https://notcve.org/view.php?id=CVE-2010-4820
27 Oct 2014 — Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. Vulnerabilidad no especificada en Ghostscript 8.62 permite a atacantes remotos ejecutar código PostScript arbitrario a través de un fichero troyano de la librería Postscript en Encoding/ bajo el directorio de trabajo actual, una vulnerabilidad diferente a CVE-2... • http://bugs.ghostscript.com/show_bug.cgi?id=691339 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 4%CPEs: 3EXPL: 0CVE-2012-4405 – argyllcms: Array index error leading to heap-based bufer OOB write
https://notcve.org/view.php?id=CVE-2012-4405
18 Sep 2012 — Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. Múltiples desbordamientos inferiores de enteros en la f... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html • CWE-189: Numeric Errors CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 1CVE-2009-4270 – Gentoo Linux Security Advisory 201412-17
https://notcve.org/view.php?id=CVE-2009-4270
21 Dec 2009 — Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. Desbordamiento de búfer basado en pila en la función errprintf en base/gsmisc.c en ghostscript v8.64 hasta v8.70 permite a atacantes remotos provocar una denegación de servicio (caída) y probablemente... • http://bugs.ghostscript.com/show_bug.cgi?id=690829 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 14EXPL: 2CVE-2009-0196 – ghostscript: Missing boundary check in Ghostscript's jbig2dec library
https://notcve.org/view.php?id=CVE-2009-0196
16 Apr 2009 — Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. Desbordamiento de entero en la función big2_decode_symbol_dict (jbig2_symbol_dict.c) en la librería de decodificación JBIG2 (jbig2dec) en Ghostscript 8.64 y posiblemente versiones anteriores, per... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2009-0792 – argyllcms: Incomplete fix for CVE-2009-0583
https://notcve.org/view.php?id=CVE-2009-0792
14 Apr 2009 — Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profi... • http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 0CVE-2008-6679 – ghostscript: Buffer overflow in BaseFont writer module for pdfwrite device
https://notcve.org/view.php?id=CVE-2008-6679
08 Apr 2009 — Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. Desbordamiento de búfer en el módulo de escritura BaseFont en Ghostscript v8.62, y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída ps2pdf) y posiblemente ejecución de código arbitrario a través de un fichero Postscript. • http://bugs.ghostscript.com/show_bug.cgi?id=690211 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 2CVE-2007-6725 – ghostscript: DoS (crash) in CCITTFax decoding filter
https://notcve.org/view.php?id=CVE-2007-6725
08 Apr 2009 — The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function. El filtro de decodificar CCITTFax en Ghostscript v8.60, v8.61, y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecución de código arbitrario a través de un fichero PDF modi... • http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 23EXPL: 0CVE-2009-0583 – argyllcms: Multiple integer overflows in the International Color Consortium Format Library
https://notcve.org/view.php?id=CVE-2009-0583
23 Mar 2009 — Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profi... • http://bugs.gentoo.org/show_bug.cgi?id=261087 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •