Advisory ROSA-SA-2024-2494

Software: ghostscript 9.25 OS: rosa-server79 packageevrstring: ghostscript-9.25-5.0.1.res7 CVE-ID: CVE-2024-33871 BDU-ID: 2024-05064 CVE-Crit: HIGH CVE-DESC.: A vulnerability exists in the contrib/opvp/gdevopvp.c component of the Ghostscript processing, conversion, and document generation softwar...

Amazon Linux 2 : ghostscript (ALAS-2024-2469)

The version of ghostscript installed on the remote host is prior to 9.25-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2469 advisory. Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite becaus...

Low: ghostscript

Issue Overview: Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. CVE-2019-25059 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

SUSE CVE-2007-6520

Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins...

Updated rxvt-unicode packages fix security vulnerability

rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. CVE-2022-4170...

SUSE: Security Advisory (SUSE-SU-2018:2976-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2975-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2975-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-14373

A use after free was found in igcrelocstructptr of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service...

CVE-2020-14373

A use after free was found in igcrelocstructptr of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service...

CVE-2020-14373

CVE-2020-14373 involves a use-after-free in igc_reloc_struct_ptr() (psi/igc.c) of Ghostscript, reported in version 9.25. A local attacker could craft a PDF to trigger a denial of service. The available documents confirm the root cause location and impact (DoS) but do not provide published exploit...

ghostscript security update

9.25-2.2 - Resolves: 1744008 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfhookDSCCreator 701445 - Resolves: 1744012 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams 701444 - Resolves: 1744003 - CVE-2019-14813 ghostscript: Safer...

Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190806)

The following packages have been upgraded to a later upstream version: ghostscript 9.25. Security Fixes : - ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files CVE-2018-11645 C Tenable Network Security, Inc. The...

CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

ghostscript: User-writable error exception table

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

[SECURITY] [DSA 4336-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4336-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018 https://www.debian.org/security/faq -...

CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Mitigation Please refer to the "Mitigation" section of CVE-2018-16509 :...

Unspecified Vulnerability in Artifex Software Ghostscript

Artifex Software Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-2)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 CVE-2018-15909: Prevent type confusio...