[SECURITY] Fedora 42 Update: evince-48.1-2.fc42

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 43 Update: evince-48.1-2.fc43

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 44 Update: evince-48.1-5.fc44

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow prior to version 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to handle any combination of \r and \n as line endings. This implementation uses a quadratic method of accumulating lines while searching for a line ending. A malicious EPS...

GHSA-496F-X7CQ-CQ39 Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file

Impact An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image...

Linux Distros Unpatched Vulnerability : CVE-2021-28677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as...

CVE-2022-41194

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript .eps, ai.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until...

Ghostscript Command Execution via Format String

This module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2...

CVE-2023-44464

pretix before 2023.7.2 allows Pillow to parse EPS files...

rami.io pretix security breach

rami.io pretix is a ticket store application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, bars, etc. from the German company rami.io. A security vulnerability exists in rami.io pretix versions prior to 2023.7.2 that stems from allowing Pillow to parse EPS file...

PT-2023-29246 · Pillow +1 · Pillow +1

Name of the Vulnerable Software and Affected Versions: pretix versions prior to 2023.7.2 Description: The issue allows Pillow to parse EPS files. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this...

SUSE CVE-2012-6076

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts...

CVE-2022-41194

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript .eps, ai.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until...

CVE-2022-41193

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script .eps, ai.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

The vulnerability of Adobe Premiere Rush software, related to the execution of operations beyond buffer boundaries in memory, allows attackers to execute arbitrary code.

The vulnerability of Adobe Premiere Rush relates to the execution of operations beyond the buffer in memory when processing EPS/TIFF files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript is related to shortcomings in data transformation. This vulnerability allows an attacker to execute arbitrary commands and bypass security measures.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to deficiencies in the transformation of data types within the .rsdparams operator. Exploiting this vulnerability allows an attacker to execute arbitrary commands and bypass the .dSAFER...

python-pillow: Excessive CPU use in EPS image reader

A flaw was found in python-pillow. The readline used in EPS has to deal with any combination of \r and \n as line endings. It accidentally used a quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a denial-of-service of Pillow in...

The vulnerability in the implementation of the readline component of the EPSImageFile library used in the Pillow image processing library lies in insufficient input validation. This allows a malicious actor to cause a service failure.

The vulnerability of the readline implementation in the EPSImageFile component of the Pillow image processing library is related to the use of a quadratic string accumulation method during line termination searches. Exploiting this vulnerability could allow an attacker to cause a service failure ...

DEBIAN-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...