Artifex: >> Ghostscript >> 9.52 Security Vulnerabilities
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
CVSS Score
5.5
EPSS Score
0.0
Published
2022-01-01
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
CVSS Score
5.5
EPSS Score
0.0
Published
2022-01-01
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
CVSS Score
5.5
EPSS Score
0.012
Published
2020-08-13
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVSS Score
9.8
EPSS Score
0.104
Published
2020-07-28
Page 4