Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Aladdin Enterprises Subscribe
Filtered by product Ghostscript
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0155 1 Aladdin Enterprises 1 Ghostscript 2022-08-17 7.5 HIGH N/A
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
CVE-2004-0967 1 Aladdin Enterprises 1 Ghostscript 2017-10-10 7.2 HIGH N/A
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
CVE-2000-1162 1 Aladdin Enterprises 1 Ghostscript 2017-10-09 3.7 LOW N/A
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
CVE-2000-1163 1 Aladdin Enterprises 1 Ghostscript 2017-10-09 4.6 MEDIUM N/A
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
CVE-2001-1353 1 Aladdin Enterprises 1 Ghostscript 2016-10-17 2.6 LOW N/A
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
CVE-2002-0363 1 Aladdin Enterprises 1 Ghostscript 2008-09-05 7.5 HIGH N/A
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.