%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Name
ghostscript
Version
9.55.0
Type
library
Description
The GPL Ghostscript PostScript/PDF interpreter
Licenses
AGPL-3.0-or-later
PURL
-
CPE
cpe:2.3:*:artifex:ghostscript:9.55.0:*:*:*:*:*:*:*
Other Versions#
Patches#
#
Title
Author
Resolve
1
Bug 708192: Fix potential print buffer overflow
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2025-27836
2
Uniprint device - prevent string configuration changes
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-29510
3
Bug 706897: Copy pcx buffer overrun fix from
Chris Liddell <chris.liddell@artifex.com>
CVE-2023-38559
4
Bug 708241: Fix potential Buffer overflow with DollarBlend
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2025-27830
5
avoid host contamination
Kai Kang <kai.kang@windriver.com>
6
PostScript interpreter - fix buffer length check
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2024-46956
7
pdfwrite - avoid buffer overrun
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2025-59798
8
Bug #707686
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-33870
9
Bug 707510(5)2: The original fix was overly aggressive
Chris Liddell <chris.liddell@artifex.com>
CVE-2024-29511
10
PDF interpreter - Guard against unsigned int overflow
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2025-27834
11
ghostscript-native:fix disable-system-libtiff
Hongxu Jia <hongxu.jia@windriver.com>
12
In SAFER (default) don't allow eexec seeds other than the
Chris Liddell <chris.liddell@artifex.com>
CVE-2023-52722
13
contrib.mak: fix for parallel build
Robert Yang <liezhi.yang@windriver.com>
14
OPVP device - prevent unsafe parameter change with SAFER
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2024-33871
15
PS interpreter - check Indexed colour space index
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2024-46955
16
Bug 708131: Fix confusion between bytes and shorts
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2025-27835
17
base/genht.c: add a preprocessor define to allow fopen
Hongxu Jia <hongxu.jia@windriver.com>
18
Bug 707510 - review printing of pointers
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-29508
19
Bug 707264: Fix tiffsep(1) requirement for seekable output
Chris Liddell <chris.liddell@artifex.com>
CVE-2023-46751
20
Bug 707510 - don't allow PDF files with bad Filters to
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-29506
21
Bug 707510 - don't use strlen on passwords
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-29509
22
cups no gcrypt
Jackie Huang <jackie.huang@windriver.com>
23
pdfwrite - bounds check some strings
Piotr Kajda <petermasterperfect@gmail.com>
CVE-2025-59799
24
Graphics library - prevent buffer overrun in (T)BCP encoding
Ken Sharp <ken.sharp@artifex.com>
CVE-2023-28879
25
Argument sanitisation - handle '#' as per '='
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2025-48708
26
PS interpreter - check the type of the Pattern Implementation
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2024-46951
27
Bug 707510(5): Reject OCRLanguage changes after SAFER
Chris Liddell <chris.liddell@artifex.com>
CVE-2024-29511
28
Bug 704945: Add init_device_procs entry for mem_x_device.
Robin Watts <Robin.Watts@artifex.com>
CVE-2022-2085
29
Bug #707691
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-33869
30
IJS device - try and secure the IJS server startup
Ken Sharp <ken.sharp@artifex.com>
CVE-2023-43115
31
ghostscript: allow directories to be created more than
Joe Slater <joe.slater@windriver.com>
32
Bug 708133: Avoid integer overflow leading to buffer overflow
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2025-27832
33
base/gendev.c: fix for -Werror=return-type
Robert Yang <liezhi.yang@windriver.com>
34
Bug 707793: Check for overflow validating format string
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2024-46953
35
Bug 706778: 706761 revisit
Chris Liddell <chris.liddell@artifex.com>
CVE-2023-36664
36
PDF OCR 8 bit device - avoid overflow
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2025-59800
37
Coverity IDs 414141 & 414145
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-29508
38
Bug 706761: Don't "reduce" %pipe% file names for
Chris Liddell <chris.liddell@artifex.com>
CVE-2023-36664
39
Prevent Unicode decoding overrun
Zdenek Hutyra <zhutyra@centrum.cz>
CVE-2025-27831
40
Removal of globals in opvp device
Michael Vrhel <michael.vrhel@artifex.com>
CVE-2024-33871
41
Fix Coverity IDs 457699 and 457700
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2025-27836
42
PDF interpreter - sanitise W array values in Xref streams
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-46952
43
PCL interpreter - fix decode_glyph for Unicode
Ken Sharp <ken.sharp@artifex.com>
CVE-2025-27831
44
Bug 707691 part 2
Ken Sharp <Ken.Sharp@artifex.com>
CVE-2024-33869
45
Bug 705041: jbig2dec: Avoid uninitialized allocator in
Sebastian Rasmussen <sebras@gmail.com>
CVE-2023-46361
46
prevent recompiling
Kang Kai <kai.kang@windriver.com>
Vulnerabilities#
Name
Analysis
Description
Patched
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
Patched
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
Patched
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
Patched
gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
Patched
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
Patched
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
Patched
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdf_func.c.
Patched
An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
Patched
An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
Patched
An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
Patched
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
Patched
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.
Patched
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
Patched
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).
Patched
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
Patched
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
Patched
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
Patched
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename.
Patched
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
Patched
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
Patched
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Patched
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
Patched
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
Patched
An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.
Patched
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Patched
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.
Patched
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).
Patched
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.
Patched
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Patched
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Patched
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.