HCE1-SA-2023-0017 Critical HCE 1.1 Security Fix(es): GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private. (CVE-2018-12713) A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. (CVE-2020-14373) In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. (CVE-2018-19478) HCE 1.1 ghostscript-9.25-6.hce1c.x86_64.rpm libgs-9.25-6.hce1c.x86_64.rpm