64 matches found
EUVD-2019-5942
Malware in sbrugna...
EUVD-2019-5984
Malware in sbrugna...
CVE-1999-0155
The ghostscript command with the -dSAFER option allows remote attackers to execute commands...
CVE-2018-15908
It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibly exploit this to exploit this to bypass the -dSAFER protection and delete files or disclose their content via a specially crafted PostScript document. Mitigation Please se...
MGASA-2021-0436 Updated ghostscript packages fix security vulnerability
Trivial -dSAFER bypass in 9.55. CVE-2021-3781...
Updated ghostscript packages fix security vulnerability
Trivial -dSAFER bypass in 9.55. CVE-2021-3781...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2016-1050)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2019:2534-1 Security update for ghostscript
This update for ghostscript fixes the following issues: - CVE-2019-14869: Fixed a possible dSAFER escape which could have allowed an attacker to gain high privileges by a specially crafted Postscript code bsc1156275. This update was imported from the SUSE:SLE-15:Update update project...
MGASA-2019-0336 Updated ghostscript packages fix security vulnerability
The updated packages fix a security vulnerability: -dSAFER escape in .charkeys. CVE-2019-14869...
Information Disclosure
ghostscript is vulnerable to information disclosure. The vulnerability exists due to -dSAFER escape in .charkeys...
Debian: Security Advisory (DLA-1992-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-15909
It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...
Debian: Security Advisory (DLA-1915-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1915-1 : ghostscript security update
It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. For Debian 8 'Jessie', these problems have been fixed in version...
Debian DSA-4518-1 : ghostscript - security update
It was discovered that various procedures in Ghostscript, the GPL PostScript/PDF interpreter, do not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DSA-4499-1 : ghostscript - security update
Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. C Tenable Network Security, Inc. The descriptive text and package checks...
USN-4092-1: Ghostscript vulnerability
Netanel Fisher discovered that the font handler in Ghostscript did not properly restrict privileged calls when '-dSAFER' restrictions were in effect. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access...
NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0145)
The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0054)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit thi...
Updated ghostscript packages fix security vulnerability
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...