CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-48708 – Ubuntu Security Notice USN-7623-1
https://notcve.org/view.php?id=CVE-2025-48708
23 May 2025 — gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript through 10.05.0 lacks argument sanitization for the # case. gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext. It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker cou... • https://github.com/B1tBreaker/CVE-2025-48708 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-46646 – Ubuntu Security Notice USN-7473-1
https://notcve.org/view.php?id=CVE-2025-46646
26 Apr 2025 — In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954. It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly bypass file path validation. • https://bugs.ghostscript.com/show_bug.cgi?id=708311 • CWE-24: Path Traversal: '../filedir' •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46952 – ghostscript: Buffer Overflow in Ghostscript PDF XRef Stream Handling
https://notcve.org/view.php?id=CVE-2024-46952
10 Nov 2024 — An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). A flaw was found in Artifex Ghostscript's PDF XRef stream handling. This vulnerability allows a buffer overflow via crafted values in the W array of a PDF XRef stream. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbi... • https://bugs.ghostscript.com/show_bug.cgi?id=708001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46954 – ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
https://notcve.org/view.php?id=CVE-2024-46954
10 Nov 2024 — An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. A flaw was found in Ghostscript/base/gp_utf8.c. This vulnerability allows directory traversal via overlong UTF-8 encoding, potentially leading to unauthorized access to filesystem directories. An update for thunderbird is now available for Red Hat Enterprise Linux 9. • https://bugs.ghostscript.com/show_bug.cgi?id=707788 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46951 – ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
https://notcve.org/view.php?id=CVE-2024-46951
07 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. A flaw was found in Artifex Ghostscript's psi/zcolor.c component. This vulnerability allows arbitrary code execution via an unchecked implementation pointer in the Pattern color space. This update for ghostscript fixes the following issues. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46953 – ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
https://notcve.org/view.php?id=CVE-2024-46953
07 Nov 2024 — An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. A flaw was found in Artifex Ghostscript base/gsdevice.c. This vulnerability allows path truncation, path traversal, and possible code execution via an integer overflow when parsing the filename format string for the output filename. This update for ghostscript fixes t... • https://bugs.ghostscript.com/show_bug.cgi?id=707793 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46955 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46955
07 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. This update for ghostscript fixes the following issues. Fixed arbitrary code execution via unchecked "Implementation" pointer in "Pattern" color space. Fixed integer overflow when parsing the page format results in path truncation, path traversal, code execution. • https://bugs.ghostscript.com/show_bug.cgi?id=707990 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-29506 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29506
03 Jul 2024 — Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-29507 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29507
03 Jul 2024 — Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-29508 – Ubuntu Security Notice USN-6897-1
https://notcve.org/view.php?id=CVE-2024-29508
03 Jul 2024 — Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Thomas Rinsma discovered that Ghostscript did not c... • https://bugs.ghostscript.com/show_bug.cgi?id=707510 • CWE-122: Heap-based Buffer Overflow •