GCVE - cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:*

part: a version: 9.52 update: *

Vendor	Artifex (`0075fabc-cec9-5063-a004-04a5c9db1a9b`)
Product	Ghostscript (`2768aa7e-f93f-51c8-bf61-d81e3bb18978`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ghostscript`	purl2cpe	2026-06-01 10:15:00.091843
`pkg:deb/ubuntu/ghostscript`	purl2cpe	2026-06-01 10:15:00.091845
`pkg:github/artifexsoftware/ghostpdl`	purl2cpe	2026-06-01 10:15:00.091847
`pkg:github/artifexsoftware/ghostpdl-downloads`	purl2cpe	2026-06-01 10:15:00.091849
`pkg:rpm/fedora/ghostscript`	purl2cpe	2026-06-01 10:15:00.091850
`pkg:rpm/opensuse/ghostscript`	purl2cpe	2026-06-01 10:15:00.091852
`pkg:sourceforge/ghostscript`	purl2cpe	2026-06-01 10:15:00.091853

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-3781`	vulnerable	2026-06-08 05:33:54.000814	Details available A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Published: 2022-02-16T00:00:00.000Z Updated: 2024-08-03T17:09:08.668Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=2002271 https://ghostscript.com/CVE-2021-3781.html https://security.gentoo.org/glsa/202211-11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36773`	vulnerable	2026-06-08 05:25:49.583477	Details available Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). Published: 2024-02-04T00:00:00.000Z Updated: 2025-05-22T17:29:16.336Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=702229 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874 https://bugzilla.opensuse.org/show_bug.cgi?id=1177922 https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-15900`	vulnerable	2026-06-08 05:19:27.147367	Details available A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. Published: 2020-07-28T15:17:14.000Z Updated: 2024-08-04T13:30:23.341Z Open on db.gcve.eu Reference links http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b https://artifex.com/security-advisories/CVE-2020-15900	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.