GCVE - cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*

part: a version: 9.20 update: *

Vendor	Artifex (`0075fabc-cec9-5063-a004-04a5c9db1a9b`)
Product	Ghostscript (`2768aa7e-f93f-51c8-bf61-d81e3bb18978`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ghostscript`	purl2cpe	2026-06-01 10:15:00.091701
`pkg:deb/ubuntu/ghostscript`	purl2cpe	2026-06-01 10:15:00.091703
`pkg:github/artifexsoftware/ghostpdl`	purl2cpe	2026-06-01 10:15:00.091705
`pkg:github/artifexsoftware/ghostpdl-downloads`	purl2cpe	2026-06-01 10:15:00.091706
`pkg:rpm/fedora/ghostscript`	purl2cpe	2026-06-01 10:15:00.091708
`pkg:rpm/opensuse/ghostscript`	purl2cpe	2026-06-01 10:15:00.091710
`pkg:sourceforge/ghostscript`	purl2cpe	2026-06-01 10:15:00.091711

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7207`	vulnerable	2026-06-03 14:37:31.511813	Details available The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. Published: 2017-03-21T06:21:00.000Z Updated: 2024-08-05T15:56:36.125Z Open on db.gcve.eu Reference links http://www.debian.org/security/2017/dsa-3838 http://www.ghostscript.com/cgi-bin/findgit.cgi?309eca4e0a31ea70dcc844812691439312dad091 https://bugs.ghostscript.com/show_bug.cgi?id=697676 http://www.securitytracker.com/id/1039071 http://www.securityfocus.com/bid/96995	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5951`	vulnerable	2026-06-03 14:37:26.687810	Details available The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Published: 2017-04-03T05:44:00.000Z Updated: 2024-08-05T15:18:49.312Z Open on db.gcve.eu Reference links http://www.debian.org/security/2017/dsa-3838 https://bugs.ghostscript.com/show_bug.cgi?id=697548 http://www.securityfocus.com/bid/98665 https://security.gentoo.org/glsa/201708-06	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7978`	vulnerable	2026-06-03 14:36:08.752106	Details available Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. Published: 2017-05-23T03:56:00.000Z Updated: 2024-08-06T02:13:21.322Z Open on db.gcve.eu Reference links http://www.debian.org/security/2016/dsa-3691 http://www.securityfocus.com/bid/95336 http://rhn.redhat.com/errata/RHSA-2017-0013.html https://bugs.ghostscript.com/show_bug.cgi?id=697179 http://www.openwall.com/lists/oss-security/2016/10/05/15	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7976`	vulnerable	2026-06-03 14:36:08.750312	Details available The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. Published: 2017-08-07T20:00:00.000Z Updated: 2024-08-06T02:13:21.340Z Open on db.gcve.eu Reference links http://www.debian.org/security/2016/dsa-3691 https://bugs.ghostscript.com/show_bug.cgi?id=697178 http://www.openwall.com/lists/oss-security/2016/10/19/6 http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git%3Ba=commit%3Bh=6d444c273da5499a4cd72f21cb6d4c9a5256807d https://security.gentoo.org/glsa/201702-31	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10317`	vulnerable	2026-06-03 14:35:23.819731	Details available The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. Published: 2017-04-03T20:00:00.000Z Updated: 2024-08-06T03:14:43.165Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=697459 https://usn.ubuntu.com/3636-1/ http://www.securityfocus.com/bid/97410	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10220`	vulnerable	2026-06-03 14:35:23.647578	Details available The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. Published: 2017-04-03T05:44:00.000Z Updated: 2024-08-06T03:14:42.829Z Open on db.gcve.eu Reference links http://www.debian.org/security/2017/dsa-3838 https://bugs.ghostscript.com/show_bug.cgi?id=697450 https://security.gentoo.org/glsa/201708-06 http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10219`	vulnerable	2026-06-03 14:35:23.647241	Details available The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. Published: 2017-04-03T05:44:00.000Z Updated: 2024-08-06T03:14:42.861Z Open on db.gcve.eu Reference links http://www.debian.org/security/2017/dsa-3838 https://bugs.ghostscript.com/show_bug.cgi?id=697453 https://security.gentoo.org/glsa/201708-06 http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10218`	vulnerable	2026-06-03 14:35:23.646892	Details available The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Published: 2017-04-03T05:44:00.000Z Updated: 2024-08-06T03:14:42.939Z Open on db.gcve.eu Reference links http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=d621292fb2c8157d9899dcd83fd04dd250e30fe4 https://bugs.ghostscript.com/show_bug.cgi?id=697444	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10217`	vulnerable	2026-06-03 14:35:23.646486	Details available The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. Published: 2017-04-03T05:44:00.000Z Updated: 2024-08-06T03:14:42.873Z Open on db.gcve.eu Reference links http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb https://bugs.ghostscript.com/show_bug.cgi?id=697456	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.