Information on source package ghostscript

Available versions

ReleaseVersion
jessie9.26a~dfsg-0+deb8u12
stretch9.26a~dfsg-0+deb9u12
stretch (security)9.26a~dfsg-0+deb9u9
buster9.27~dfsg-2+deb10u9
bullseye9.53.3~dfsg-7+deb11u7
bullseye (security)9.53.3~dfsg-7+deb11u8
bookworm10.0.0~dfsg-11+deb12u5
bookworm (security)10.0.0~dfsg-11+deb12u6
trixie10.04.0~dfsg-1
sid10.04.0~dfsg-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-46956vulnerablevulnerablevulnerablevulnerablefixedfixedfixedAn issue was discovered in psi/zfile.c in Artifex Ghostscript before 1 ...
CVE-2024-46955vulnerablevulnerablevulnerablevulnerablefixedfixedfixedAn issue was discovered in psi/zcolor.c in Artifex Ghostscript before ...
CVE-2024-46954vulnerablevulnerablevulnerablefixedfixedfixedfixedAn issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Gh ...
CVE-2024-46953vulnerablevulnerablevulnerablevulnerablefixedfixedfixedAn issue was discovered in base/gsdevice.c in Artifex Ghostscript befo ...
CVE-2024-46952vulnerablevulnerablevulnerablevulnerablefixedfixedfixedAn issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript befor ...
CVE-2024-46951vulnerablevulnerablevulnerablevulnerablefixedfixedfixedAn issue was discovered in psi/zcolor.c in Artifex Ghostscript before ...
CVE-2024-33871vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedAn issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...
CVE-2024-29510vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedArtifex Ghostscript before 10.03.1 allows memory corruption, and SAFER ...
CVE-2023-52722vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedAn issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmi ...
CVE-2023-43115vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedfixedfixedIn Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-29511vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedArtifex Ghostscript before 10.03.1, when Tesseract is used for OCR, ha ...
CVE-2023-38560vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedAn integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_ ...
CVE-2022-1350vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA vulnerability classified as problematic was found in GhostPCL 9.55.0 ...

Resolved issues

BugDescription
TEMP-0291452-29156Bgs-esp: Insecure usage of /tmp in source code
CVE-2024-33870An issue was discovered in Artifex Ghostscript before 10.03.1. There i ...
CVE-2024-33869An issue was discovered in Artifex Ghostscript before 10.03.1. Path tr ...
CVE-2024-29509Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFP ...
CVE-2024-29508Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure ...
CVE-2024-29507Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer ...
CVE-2024-29506Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow i ...
CVE-2023-46751An issue was discovered in the function gdev_prn_open_printer_seekable ...
CVE-2023-38559A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_w ...
CVE-2023-36664Artifex Ghostscript through 10.01.2 mishandles permission validation f ...
CVE-2023-28879In Artifex Ghostscript through 10.01.0, there is a buffer overflow lea ...
CVE-2023-4042A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostsc ...
CVE-2022-2085A NULL pointer dereference vulnerability was found in Ghostscript, whi ...
CVE-2021-45949Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...
CVE-2021-45944Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...
CVE-2021-3781A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...
CVE-2020-36773Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-a ...
CVE-2020-27792A heap-based buffer overwrite vulnerability was found in GhostScript's ...
CVE-2020-21890Buffer Overflow vulnerability in clj_media_size function in devices/gd ...
CVE-2020-21710A divide by zero issue discovered in eps_print_page in gdevepsn.c in A ...
CVE-2020-17538A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...
CVE-2020-16310A division by zero vulnerability in dot24_print_page() in devices/gdev ...
CVE-2020-16309A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...
CVE-2020-16308A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...
CVE-2020-16307A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...
CVE-2020-16306A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...
CVE-2020-16305A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...
CVE-2020-16304A buffer overflow vulnerability in image_render_color_thresh() in base ...
CVE-2020-16303A use-after-free vulnerability in xps_finish_image_path() in devices/v ...
CVE-2020-16302A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...
CVE-2020-16301A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...
CVE-2020-16300A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...
CVE-2020-16299A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...
CVE-2020-16298A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...
CVE-2020-16297A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...
CVE-2020-16296A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...
CVE-2020-16295A null pointer dereference vulnerability in clj_media_size() in device ...
CVE-2020-16294A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...
CVE-2020-16293A null pointer dereference vulnerability in compose_group_nonknockout_ ...
CVE-2020-16292A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...
CVE-2020-16291A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...
CVE-2020-16290A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...
CVE-2020-16289A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...
CVE-2020-16288A buffer overflow vulnerability in pj_common_print_page() in devices/g ...
CVE-2020-16287A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...
CVE-2020-15900A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...
CVE-2020-14373A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...
CVE-2019-25059Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this ...
CVE-2019-14869A flaw was found in all versions of ghostscript 9.x before 9.50, where ...
CVE-2019-14817A flaw was found in, ghostscript versions prior to 9.50, in the .pdfex ...
CVE-2019-14813A flaw was found in ghostscript, versions 9.x before 9.50, in the sets ...
CVE-2019-14812A flaw was found in all ghostscript versions 9.x before 9.50, in the . ...
CVE-2019-14811A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_h ...
CVE-2019-10216In ghostscript before version 9.50, the .buildfont1 procedure did not ...
CVE-2019-6116In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...
CVE-2019-3839It was found that in ghostscript some privileged operators remained ac ...
CVE-2019-3838It was found that the forceput operator could be extracted from the De ...
CVE-2019-3835It was found that the superexec operator was available in the internal ...
CVE-2018-19478In Artifex Ghostscript before 9.26, a carefully crafted PDF file can t ...
CVE-2018-19477psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attacke ...
CVE-2018-19476psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers ...
CVE-2018-19475psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attack ...
CVE-2018-19409An issue was discovered in Artifex Ghostscript before 9.26. LockSafety ...
CVE-2018-19134In Artifex Ghostscript through 9.25, the setpattern operator did not p ...
CVE-2018-18284Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...
CVE-2018-18073Artifex Ghostscript allows attackers to bypass a sandbox protection me ...
CVE-2018-17961Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...
CVE-2018-17183Artifex Ghostscript before 9.25 allowed a user-writable error exceptio ...
CVE-2018-16863It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An ...
CVE-2018-16802An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...
CVE-2018-16585An issue was discovered in Artifex Ghostscript before 9.24. The .setdi ...
CVE-2018-16543In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolutio ...
CVE-2018-16542In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...
CVE-2018-16541In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...
CVE-2018-16540In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...
CVE-2018-16539In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...
CVE-2018-16513In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...
CVE-2018-16511An issue was discovered in Artifex Ghostscript before 9.24. A type con ...
CVE-2018-16510An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...
CVE-2018-16509An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...
CVE-2018-15911In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...
CVE-2018-15910In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...
CVE-2018-15909In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using ...
CVE-2018-15908In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to s ...
CVE-2018-11645psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status c ...
CVE-2018-10194The set_text_distance function in devices/vector/gdevpdts.c in the pdf ...
CVE-2017-15652Artifex Ghostscript 9.22 is affected by: Obtain Information. The impac ...
CVE-2017-11714psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the ...
CVE-2017-9835The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...
CVE-2017-9740The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghos ...
CVE-2017-9739The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostX ...
CVE-2017-9727The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscrip ...
CVE-2017-9726The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...
CVE-2017-9620The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghos ...
CVE-2017-9619The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex G ...
CVE-2017-9618The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...
CVE-2017-9612The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...
CVE-2017-9611The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...
CVE-2017-9610The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...
CVE-2017-8908The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 all ...
CVE-2017-8291Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remot ...
CVE-2017-7948Integer overflow in the mark_curve function in Artifex Ghostscript 9.2 ...
CVE-2017-7207The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscr ...
CVE-2017-6196Multiple use-after-free vulnerabilities in the gx_image_enum_begin fun ...
CVE-2017-5951The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Softw ...
CVE-2016-10317The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex S ...
CVE-2016-10220The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Soft ...
CVE-2016-10219The intersect function in base/gxfill.c in Artifex Software, Inc. Ghos ...
CVE-2016-10218The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...
CVE-2016-10217The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...
CVE-2016-8602The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 al ...
CVE-2016-7979Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...
CVE-2016-7978Use-after-free vulnerability in Ghostscript 9.20 might allow remote at ...
CVE-2016-7977Ghostscript before 9.21 might allow remote attackers to bypass the SAF ...
CVE-2016-7976The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attacker ...
CVE-2015-3228Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc. ...
CVE-2013-5653The getenv and filenameforall functions in Ghostscript 9.10 ignore the ...
CVE-2012-4875Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when pro ...
CVE-2012-4405Multiple integer underflows in the icmLut_allocate function in Interna ...
CVE-2011-4517The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.90 ...
CVE-2011-4516Heap-based buffer overflow in the jpc_cox_getcompparms function in lib ...
CVE-2010-4820Untrusted search path vulnerability in Ghostscript 8.62 allows local u ...
CVE-2010-4054The gs_type2_interpret function in Ghostscript allows remote attackers ...
CVE-2010-2055Ghostscript 8.71 and earlier reads initialization files from the curre ...
CVE-2010-1869Stack-based buffer overflow in the parser function in GhostScript 8.70 ...
CVE-2010-1628Ghostscript 8.64, 8.70, and possibly other versions allows context-dep ...
CVE-2009-4897Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allo ...
CVE-2009-4270Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...
CVE-2009-3743Off-by-one error in the Ins_MINDEX function in the TrueType bytecode i ...
CVE-2009-3720The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...
CVE-2009-3560The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...
CVE-2009-0792Multiple integer overflows in icc.c in the International Color Consort ...
CVE-2009-0584icc.c in the International Color Consortium (ICC) Format library (aka ...
CVE-2009-0583Multiple integer overflows in icc.c in the International Color Consort ...
CVE-2009-0196Heap-based buffer overflow in the big2_decode_symbol_dict function (jb ...
CVE-2008-6679Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...
CVE-2008-3522Buffer overflow in the jas_stream_printf function in libjasper/base/ja ...
CVE-2008-3520Multiple integer overflows in JasPer 1.900.1 might allow context-depen ...
CVE-2008-0411Stack-based buffer overflow in the zseticcspace function in zicc.c in ...
CVE-2007-6725The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly o ...
CVE-2007-2721The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG- ...

Security announcements

DSA / DLADescription
DSA-5808-1ghostscript - security update
DLA-3931-1ghostscript - security update
DSA-5760-1ghostscript - security update
DSA-5692-1ghostscript - security update
DSA-5578-1ghostscript - security update
ELA-974-1ghostscript - security update
DLA-3582-1ghostscript - security update
DLA-3519-1ghostscript - security update
DSA-5446-1ghostscript - security update
ELA-833-1ghostscript - security update
DSA-5383-1ghostscript - security update
DLA-3381-1ghostscript - security update
DLA-3096-1ghostscript - security update
ELA-673-1ghostscript - security update
ELA-606-1ghostscript - security update
DLA-2989-1ghostscript - security update
ELA-540-1ghostscript - security update
DLA-2879-1ghostscript - security update
DSA-5038-1ghostscript - security update
DSA-4972-1ghostscript - security update
DSA-4748-1ghostscript - security update
DLA-2335-1ghostscript - security update
ELA-262-1ghostscript - security update
DSA-4569-1ghostscript - security update
DLA-1992-1ghostscript - security update
DLA-1915-1ghostscript - security update
DSA-4518-1ghostscript - security update
DLA-1880-1ghostscript - security update
DSA-4499-1ghostscript - security update
DLA-1792-1ghostscript - security update
DSA-4442-1ghostscript - security update
DLA-1761-1ghostscript - security update
DSA-4432-1ghostscript - security update
DLA-1670-1ghostscript - security update
DSA-4372-1ghostscript - security update
DLA-1620-1ghostscript - security update
DSA-4346-2ghostscript - regression update
DLA-1598-1ghostscript - security update
DSA-4346-1ghostscript - security update
DSA-4336-1ghostscript - security update
DLA-1552-1ghostscript - security update
DLA-1527-2ghostscript - regression update
DLA-1527-1ghostscript - security update
DSA-4294-1ghostscript - security update
DLA-1504-1ghostscript - security update
DSA-4288-1ghostscript - security update
ELA-6-1ghostscript - security update
DLA-1363-1ghostscript - security update
DSA-3986-1ghostscript - security update
DLA-1048-1ghostscript - security update
DLA-932-1ghostscript - security update
DSA-3838-1ghostscript - security update
DLA-905-1ghostscript - security update
DSA-3691-2ghostscript - regression update
DLA-674-2ghostscript - regression update
DLA-674-1ghostscript - security update
DSA-3691-1ghostscript - security update
DSA-3326-1ghostscript - security update
DLA-280-1ghostscript - security update
DSA-2595-1ghostscript - buffer overflow
DSA-2093-1ghostscript - several vulnerabilities
DSA-2080-1ghostscript - several vulnerabilities
DSA-1746-1ghostscript gs-gpl - arbitrary code execution

Search for package or bug name: Reporting problems