Shodan
Vulnerabilities
Vulnerable Software
Artifex:  >> Ghostscript  >> 9.20  Security Vulnerabilities
CVE-2016-7977
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
CVSS Score
5.5
EPSS Score
0.011
Published
2017-05-23
CVE-2016-7978
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
CVSS Score
9.8
EPSS Score
0.03
Published
2017-05-23
CVE-2016-7979
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-05-23
CVE-2017-8291
Known exploited
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVSS Score
7.8
EPSS Score
0.927
Published
2017-04-27
CVE-2016-8602
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-04-14
CVE-2016-10317
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.
CVSS Score
7.8
EPSS Score
0.01
Published
2017-04-03
CVE-2016-10217
The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.
CVSS Score
5.5
EPSS Score
0.008
Published
2017-04-03
CVE-2016-10218
The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-04-03
CVE-2016-10219
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.01
Published
2017-04-03
CVE-2016-10220
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module.
CVSS Score
5.5
EPSS Score
0.01
Published
2017-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved