hackerone.com Open in urlscan Pro
2606:4700::6810:6334  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Skip to main content  >

Hacktivity

Opportunities

Directory

Leaderboard

Learn more about HackerOne
Log in


HACKTIVITY

OverviewCVE DiscoveryCWE Discovery



CVE DISCOVERY

The Common Vulnerabilities and Exposures Discovery Index ranks the top CVEs by
recency and instances. CVE data extracted every 6 hours; ranking updated hourly.
SearchSearch


H1 Rank

CVE IDNumber of reportsVendorProductDescription77CVE-2023-3666410artifex,
debian, fedoraprojectdebian_linux, fedora, ghostscriptArtifex Ghostscript
through 10.01.2 mishandles permission validation for pipe devices (with the
%pipe% prefix or the | pipe character prefix).120CVE-2023-288799artifex,
debiandebian_linux, ghostscriptIn Artifex Ghostscript through 10.01.0, there is
a buffer overflow leading to potential corruption of data internal to the
PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode,
TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than
full, and one then tries to write an escaped character, two bytes are
written.483CVE-2021-37819artifex, fedoraprojectfedora, ghostscriptA trivial
sandbox (enabled with the `-dSAFER` option) escape flaw was found in the
ghostscript interpreter by injecting a specially crafted pipe command. This flaw
allows a specially crafted document to execute arbitrary commands on the system
in the context of the ghostscript interpreter. The highest threat from this
vulnerability is to confidentiality, integrity, as well as system
availability.555CVE-2018-165097artifex, canonical, debian, redhatdebian_linux,
enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_eus,
enterprise_linux_workstation, ghostscript, gpl_ghostscript, ubuntu_linuxAn issue
was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of
privilege" checking during handling of /invalidaccess exceptions could be used
by attackers able to supply crafted PostScript to execute code using the "pipe"
instruction.604CVE-2019-102166artifex, redhat3scale_api_management,
enterprise_linux, enterprise_linux_desktop, enterprise_linux_server,
enterprise_linux_server_aus, enterprise_linux_server_eus,
enterprise_linux_server_tus, enterprise_linux_workstation, ghostscriptIn
ghostscript before version 9.50, the .buildfont1 procedure did not properly
secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions.
An attacker could abuse this flaw by creating a specially crafted PostScript
file that could escalate privileges and access files outside of restricted
areas.604CVE-2019-148126artifex, fedoraprojectfedora, ghostscriptA flaw was
found in all ghostscript versions 9.x before 9.50, in the .setuserparams2
procedure where it did not properly secure its privileged calls, enabling
scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file
could disable security protection and then have access to the file system, or
execute arbitrary commands.604CVE-2019-148116artifex, debian, fedoraproject,
opensuse, redhatdebian_linux, fedora, ghostscript, leap,
openshift_container_platformA flaw was found in, ghostscript versions prior to
9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A
specially crafted PostScript file could disable security protection and then
have access to the file system, or execute arbitrary
commands.663CVE-2018-194095artifex, canonical, debian, redhatdebian_linux,
enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus,
enterprise_linux_server_eus, enterprise_linux_workstation, ghostscript,
ubuntu_linuxAn issue was discovered in Artifex Ghostscript before 9.26.
LockSafetyParams is not checked correctly if another device is
used.741CVE-2017-82914artifexghostscriptArtifex Ghostscript through 2017-04-26
allows -dSAFER bypass and remote command execution via .rsdparams type confusion
with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an
input to the gs program, as exploited in the wild in April
2017.741CVE-2019-38354artifex, debian, fedoraproject, opensuse,
redhatansible_tower, debian_linux, enterprise_linux_desktop,
enterprise_linux_server, enterprise_linux_server_aus,
enterprise_linux_server_eus, enterprise_linux_server_tus,
enterprise_linux_workstation, fedora, ghostscript, leapIt was found that the
superexec operator was available in the internal dictionary in ghostscript
before 9.27. A specially crafted PostScript file could use this flaw in order
to, for example, have access to the file system outside of the constrains
imposed by -dSAFER.1189CVE-2019-250592artifex, debiandebian_linux,
ghostscriptArtifex Ghostscript through 9.26 mishandles .completefont. NOTE: this
issue exists because of an incomplete fix for
CVE-2019-3839.1189CVE-2020-159002artifex, canonical, opensuseghostscript, leap,
ubuntu_linuxA memory corruption issue was found in Artifex Ghostscript 9.50 and
9.52. Use of a non-standard PostScript operator can allow overriding of file
access controls. The 'rsearch' calculation for the 'post' size resulted in a
size that was too large, and could underflow to max uint32_t. This was fixed in
commit
5d499272b95a6b890a1397e11d20937de000d31b.1835CVE-2016-79761artifexghostscriptThe
PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute
arbitrary code via crafted userparams.1835CVE-2019-61161artifex, canonical,
debian, fedoraproject, opensuse, redhatdebian_linux, enterprise_linux_desktop,
enterprise_linux_server, enterprise_linux_server_aus,
enterprise_linux_server_eus, enterprise_linux_server_tus,
enterprise_linux_workstation, fedora, ghostscript, leap, ubuntu_linuxIn Artifex
Ghostscript through 9.26, ephemeral or transient procedures can allow access to
system operators, leading to remote code execution.1835CVE-2019-38381artifex,
debian, fedoraproject, opensuse, redhatansible_tower, debian_linux,
enterprise_linux, enterprise_linux_desktop, enterprise_linux_server,
enterprise_linux_server_aus, enterprise_linux_server_eus,
enterprise_linux_server_tus, enterprise_linux_workstation, fedora, ghostscript,
leapIt was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the file
system outside of the constrains imposed by
-dSAFER.1835CVE-2016-79771artifexghostscriptGhostscript before 9.21 might allow
remote attackers to bypass the SAFER mode protection mechanism and consequently
read arbitrary files via the use of the .libfile operator in a crafted
postscript document.1835CVE-2019-148131artifex, debian, fedoraproject, opensuse,
redhatdebian_linux, enterprise_linux, enterprise_linux_desktop,
enterprise_linux_server, enterprise_linux_server_aus,
enterprise_linux_server_eus, enterprise_linux_server_tus,
enterprise_linux_workstation, fedora, ghostscript, leap,
openshift_container_platformA flaw was found in ghostscript, versions 9.x before
9.50, in the setsystemparams procedure where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially
crafted PostScript file could disable security protection and then have access
to the file system, or execute arbitrary commands.1835CVE-2019-38391artifex,
canonical, debian, fedoraproject, opensuse, redhatdebian_linux,
enterprise_linux, fedora, ghostscript, leap, ubuntu_linuxIt was found that in
ghostscript some privileged operators remained accessible from various places
after the CVE-2019-6116 fix. A specially crafted PostScript file could use this
flaw in order to, for example, have access to the file system outside of the
constrains imposed by -dSAFER. Ghostscript versions before 9.27 are
vulnerable.5630CVE-2020-163020artifex, canonical, debiandebian_linux,
ghostscript, ubuntu_linuxA buffer overflow vulnerability in
jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript
v9.50 allows a remote attacker to escalate privileges via a crafted PDF file.
This is fixed in v9.51.5630CVE-2017-97270artifex, debiandebian_linux,
ghostscript_ghostxpsThe gx_ttfReader__Read function in base/gxttfb.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) or possibly have unspecified
other impact via a crafted
document.5630CVE-2017-97400artifexghostscript_ghostxpsThe
xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based
buffer over-read and application crash) or possibly have unspecified other
impact via a crafted document.5630CVE-2009-05840argyllcms, ghostscriptcms,
ghostscripticc.c in the International Color Consortium (ICC) Format library (aka
icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management
System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a
denial of service (application crash) or possibly execute arbitrary code by
using a device file for processing a crafted image file associated with large
integer values for certain sizes, related to an ICC profile in a (1) PostScript
or (2) PDF file with embedded
images.5630CVE-2008-66790ghostscriptghostscriptBuffer overflow in the BaseFont
writer module in Ghostscript 8.62, and possibly other versions, allows remote
attackers to cause a denial of service (ps2pdf crash) and possibly execute
arbitrary code via a crafted Postscript file.5630CVE-2020-163010artifex,
canonical, debiandebian_linux, ghostscript, ubuntu_linuxA buffer overflow
vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a denial of service via a
crafted PDF file. This is fixed in v9.51.5630CVE-2020-162930artifex, canonical,
debiandebian_linux, ghostscript, ubuntu_linuxA null pointer dereference
vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in
base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to
cause a denial of service via a crafted PDF file. This is fixed in v9.51.

1-25 of 147
Previous pagePrevious page
Next pageNext page
It looks like your JavaScript is disabled. To use HackerOne, enable JavaScript
in your browser and refresh this page.


CloseClose

No matching CVE entry found for null