GCVE - cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*

part: a version: 9.50 update: *

Vendor	Artifex (`0075fabc-cec9-5063-a004-04a5c9db1a9b`)
Product	Ghostscript (`2768aa7e-f93f-51c8-bf61-d81e3bb18978`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/ghostscript`	purl2cpe	2026-06-01 10:15:00.091806
`pkg:deb/ubuntu/ghostscript`	purl2cpe	2026-06-01 10:15:00.091808
`pkg:github/artifexsoftware/ghostpdl`	purl2cpe	2026-06-01 10:15:00.091810
`pkg:github/artifexsoftware/ghostpdl-downloads`	purl2cpe	2026-06-01 10:15:00.091812
`pkg:rpm/fedora/ghostscript`	purl2cpe	2026-06-01 10:15:00.091814
`pkg:rpm/opensuse/ghostscript`	purl2cpe	2026-06-01 10:15:00.091815
`pkg:sourceforge/ghostscript`	purl2cpe	2026-06-01 10:15:00.091817

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-3781`	vulnerable	2026-06-08 05:33:53.999969	Details available A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Published: 2022-02-16T00:00:00.000Z Updated: 2024-08-03T17:09:08.668Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=2002271 https://ghostscript.com/CVE-2021-3781.html https://security.gentoo.org/glsa/202211-11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-21890`	vulnerable	2026-06-08 05:22:31.100074	Details available Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. Published: 2023-08-22T00:00:00.000Z Updated: 2024-10-04T16:14:42.049Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701846 https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-21710`	vulnerable	2026-06-08 05:22:31.021234	Details available A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. Published: 2023-08-22T00:00:00.000Z Updated: 2024-10-03T20:07:54.438Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701843 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=4e713293de84b689c4ab358f3e110ea54aa81925 https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-17538`	vulnerable	2026-06-08 05:20:56.785358	Details available A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Published: 2020-08-13T02:10:10.000Z Updated: 2025-03-24T20:28:54.780Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701792 https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16310`	vulnerable	2026-06-08 05:19:27.899035	Details available A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Published: 2020-08-13T02:10:04.000Z Updated: 2024-08-04T13:37:54.216Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701828 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=eaba1d97b62831b42c51840cc8ee2bc4576c942e https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16309`	vulnerable	2026-06-08 05:19:27.898408	Details available A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. Published: 2020-08-13T02:09:56.000Z Updated: 2024-08-04T13:37:54.263Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701827 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=a6f7464dddc689386668a38b92dfd03cc1b38a10 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16308`	vulnerable	2026-06-08 05:19:27.897795	Details available A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Published: 2020-08-13T02:09:49.000Z Updated: 2024-08-04T13:37:54.248Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701829 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=af004276fd8f6c305727183c159b83021020f7d6 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16307`	vulnerable	2026-06-08 05:19:27.897123	Details available A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. Published: 2020-08-13T02:09:44.000Z Updated: 2024-08-04T13:37:54.295Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701822 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=407c98a38c3a6ac1681144ed45cc2f4fc374c91f https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16306`	vulnerable	2026-06-08 05:19:27.896524	Details available A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. Published: 2020-08-13T02:09:26.000Z Updated: 2024-08-04T13:37:54.253Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701821 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=aadb53eb834b3def3ef68d78865ff87a68901804 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16305`	vulnerable	2026-06-08 05:19:27.895582	Details available A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Published: 2020-08-13T02:09:22.000Z Updated: 2024-08-04T13:37:54.242Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701819 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=2793769ff107d8d22dadd30c6e68cd781b569550 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16304`	vulnerable	2026-06-08 05:19:27.894920	Details available A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. Published: 2020-08-13T02:09:12.000Z Updated: 2025-03-04T18:37:21.905Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701816 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16303`	vulnerable	2026-06-08 05:19:27.894296	Details available A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. Published: 2020-08-13T02:09:06.000Z Updated: 2024-08-04T13:37:54.291Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701818 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=94d8955cb77 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16302`	vulnerable	2026-06-08 05:19:27.893676	Details available A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. Published: 2020-08-13T02:09:02.000Z Updated: 2024-08-04T13:37:54.244Z Open on db.gcve.eu Reference links https://bugs.ghostscript.com/show_bug.cgi?id=701815 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=366ad48d076c1aa4c8f83c65011258a04e348207 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://www.debian.org/security/2020/dsa-4748 https://security.gentoo.org/glsa/202008-20	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-15900`	vulnerable	2026-06-08 05:19:27.146551	Details available A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. Published: 2020-07-28T15:17:14.000Z Updated: 2024-08-04T13:30:23.341Z Open on db.gcve.eu Reference links http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b https://artifex.com/security-advisories/CVE-2020-15900	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.