Shodan
Vulnerabilities
Vulnerable Software
Artifex:  >> Ghostscript  >> 1.1  Security Vulnerabilities
CVE-2024-46952
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
CVSS Score
7.8
EPSS Score
0.0
Published
2024-11-10
CVE-2024-46953
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-11-10
CVE-2024-46954
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-11-10
CVE-2024-46955
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-11-10
CVE-2024-46956
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-11-10
CVE-2024-46951
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-11-10
CVE-2024-29507
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-03
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
CVSS Score
6.3
EPSS Score
0.073
Published
2024-07-03
CVE-2024-29511
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-07-03
CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
CVSS Score
5.3
EPSS Score
0.0
Published
2024-07-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved