GCVE - cpe:2.3:a:artifex:afpl_ghostscript:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:artifex:afpl_ghostscript:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Artifex (`0075fabc-cec9-5063-a004-04a5c9db1a9b`)
Product	Afpl Ghostscript (`d619a0ed-5f7c-5933-b8e2-105c76bb734d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/artifexsoftware/ghostpdl`	purl2cpe	2026-06-01 10:15:00.009889

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-29511`	vulnerable	2026-06-03 14:55:27.290669	Details available Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd. Published: 2024-07-03T00:00:00.000Z Updated: 2024-08-02T01:10:55.453Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=707510 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=3d4cfdc1a44 https://www.openwall.com/lists/oss-security/2024/07/03/7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6196`	vulnerable	2026-06-03 14:37:27.416568	Details available Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. Published: 2017-02-24T04:23:00.000Z Updated: 2024-08-05T15:25:49.164Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1037899 http://www.securityfocus.com/bid/96428 http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ecceafe3abba2714ef9b432035fe0739d9b1a283 https://security.gentoo.org/glsa/201708-06 https://bugs.ghostscript.com/show_bug.cgi?id=697596	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-3228`	vulnerable	2026-06-03 14:34:49.672080	Details available Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. Published: 2015-08-11T14:00:00.000Z Updated: 2024-08-06T05:39:32.070Z Open on db.gcve.eu Reference links http://www.debian.org/security/2015/dsa-3326 http://bugs.ghostscript.com/show_bug.cgi?id=696070 http://www.securitytracker.com/id/1033149 https://bugzilla.redhat.com/show_bug.cgi?id=1232805 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=0c0b0859	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.