Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ghostscript ghostscript 0 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2008-3522
Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent malicious users to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.
Redhat Enterprise Virtualization 3.5
Jasper Project Jasper 1.900.1
4.3
CVSSv2
CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript prior to 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Artifex Ghostscript
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Ansible Tower 3.3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 15.1
6.8
CVSSv2
CVE-2018-19475
psi/zdevice2.c in Artifex Ghostscript prior to 9.26 allows remote malicious users to bypass intended access restrictions because available stack space is not checked when the device remains the same.
Artifex Ghostscript
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux Server 7.6
1 Github repository
6.8
CVSSv2
CVE-2018-19476
psi/zicc.c in Artifex Ghostscript prior to 9.26 allows remote malicious users to bypass intended access restrictions because of a setcolorspace type confusion.
Artifex Ghostscript
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux Server 7.6
6.8
CVSSv2
CVE-2018-19477
psi/zfjbig2.c in Artifex Ghostscript prior to 9.26 allows remote malicious users to bypass intended access restrictions because of a JBIG2Decode type confusion.
Artifex Ghostscript
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux Server 7.6
4.3
CVSSv2
CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript prior to 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
Artifex Ghostscript
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Server Aus 7.6
Redhat Ansible Tower 3.3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 42.3
Opensuse Leap 15.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x prior to 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then h...
Artifex Ghostscript
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux Server 7.0
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Eus 7.7
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Openshift Container Platform 4.1
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
9.3
CVSSv2
CVE-2008-3520
Multiple integer overflows in JasPer 1.900.1 might allow context-dependent malicious users to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation.
Jasper Project Jasper 1.900.1
6.8
CVSSv2
CVE-2011-4517
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote malicious users to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memo...
Jasper Project Jasper 1.900.1
Suse Linux Enterprise Server 11
Fedoraproject Fedora 16
Canonical Ubuntu Linux 10.10
Suse Linux Enterprise Desktop 11
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Debian Debian Linux 6.0
Fedoraproject Fedora 15
Canonical Ubuntu Linux 10.04
Suse Linux Enterprise Software Development Kit 11
Oracle Outside In Technology 8.3.5
Oracle Outside In Technology 8.3.7
Redhat Enterprise Linux Desktop 4
6.8
CVSSv2
CVE-2011-4516
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker...
Jasper Project Jasper 1.900.1
Suse Linux Enterprise Server 11
Fedoraproject Fedora 16
Canonical Ubuntu Linux 10.10
Suse Linux Enterprise Desktop 11
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Debian Debian Linux 6.0
Fedoraproject Fedora 15
Canonical Ubuntu Linux 10.04
Suse Linux Enterprise Software Development Kit 11
Oracle Outside In Technology 8.3.5
Oracle Outside In Technology 8.3.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »