CVE-2018-18284

< 9.26

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy o

8.6HIGH

CVE-2018-16513

< 9.26

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor f

7.8HIGH

CVE-2018-16510

< 9.26

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives coul

7.8HIGH

CVE-2018-16509

< 9.26

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /inva

7.8HIGH

CVE-2018-15911

< 9.26

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access i

7.8HIGH

CVE-2018-15910

< 9.26

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistil

7.8HIGH

CVE-2018-15909

< 9.26

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supp

7.8HIGH

CVE-2016-9601

< 9.21

ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_

5.3MEDIUM

CVE-2013-6629

< 9.03

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.165

CVE-2012-4875

all versions

Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assiste

CVE-2010-4054

all versions

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference

CVE-2009-3743

<= 8.70

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attacker

CVE-2010-2055

<= 8.71

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute ar

CVE-2009-4897

<= 8.64

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a den

CVE-2010-1628

all versions

Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript

CVE-2010-1869

all versions

Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbi