Search for packages
Package details: pkg:alpm/archlinux/ghostscript@9.27-2
purl pkg:alpm/archlinux/ghostscript@9.27-2
Next non-vulnerable version 9.50-1
Latest non-vulnerable version 10.05.1-2
Risk 4.4
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-2r6t-auqv-mka5
Aliases:
CVE-2019-14869
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
9.50-1
Affected by 0 other vulnerabilities.
VCID-42dq-y9xv-tydw
Aliases:
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
9.50-1
Affected by 0 other vulnerabilities.
VCID-86px-1954-mugx
Aliases:
CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
9.50-1
Affected by 0 other vulnerabilities.
VCID-jc4x-udup-17g6
Aliases:
CVE-2019-14812
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
9.50-1
Affected by 0 other vulnerabilities.
VCID-kv1g-tzf8-akc7
Aliases:
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
9.50-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-31T11:36:53.973463+00:00 Arch Linux Importer Affected by VCID-kv1g-tzf8-akc7 https://security.archlinux.org/AVG-1031 37.0.0
2025-07-31T11:36:53.944886+00:00 Arch Linux Importer Affected by VCID-jc4x-udup-17g6 https://security.archlinux.org/AVG-1031 37.0.0
2025-07-31T11:36:53.913014+00:00 Arch Linux Importer Affected by VCID-42dq-y9xv-tydw https://security.archlinux.org/AVG-1031 37.0.0
2025-07-31T11:36:53.884599+00:00 Arch Linux Importer Affected by VCID-86px-1954-mugx https://security.archlinux.org/AVG-1031 37.0.0
2025-07-31T11:36:53.730022+00:00 Arch Linux Importer Affected by VCID-2r6t-auqv-mka5 https://security.archlinux.org/AVG-1069 37.0.0