Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a free software package from Artifex, Inc. based on Adobe, PostScript, and the Portable Document Format page description language. A security vulnerability exists in Artifex Ghostscript versions prior to 10.03.1, which allows execution of arbitrary code via a custom driver...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript versions prior to 10.03.1, which can be exploited to traverse paths to...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.0, which results from a heap-based overflow when...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript and Portable Document Format page description languages. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.0, which results from a heap-based pointer disclosure in the...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript, and the Page Description Language for Portable Document Format PDL. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.0, which is caused by a stack-based buffer overflow...

CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...

CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

CVE-2024-29507

CVE-2024-29507 affects Artifex Ghostscript prior to 10.03.0. The vulnerability is described in multiple sources as a heap-based pointer disclosure observable in a constructed BaseFont name within pdf_base_font_alloc, in addition to the already noted stack-based issues (CIDFSubstPath/CIDFSubstFont...

CVE-2024-29506

Artifex Ghostscript is affected by CVE-2024-29506: Ghostscript before 10.03.0 contains a stack-based buffer overflow in pdfi_apply_filter() triggered by a long PDF filter name. Impact, per available references, includes potential memory corruption with high-severity risk; exploitation details are...

CVE-2024-29508

CVE-2024-29508 affects Artifex Ghostscript prior to 10.03.0. The issue is a heap-based pointer disclosure observable in a constructed BaseFont name, in the function pdf_base_font_alloc. Documents consistently describe this Ghostscript vulnerability as enabling information leakage. The CVSSv3.1 ve...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2276-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2276-1 advisory. - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format...

CVE-2024-33869

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...

CVE-2024-29509

CVE-2024-29509 affects Artifex Ghostscript before 10.03.0, where a heap-based overflow occurs when PDFPassword (e.g., for runpdf) contains a embedded NUL byte in the middle. This can lead to corruption or potential code execution as described in public disclosures. The vulnerability is attributed...

CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Recent assessments: cdelafuente-r7 at August 13, 2024 10:25am UTC reported: Ghostscript is vulnerable to a critical format string vulnerability that affects...

CVE-2024-29511

CVE-2024-29511 affects Artifex Ghostscript before 10.03.1. When Tesseract OCR is used, it allows a directory traversal that reads arbitrary files and can write error messages to arbitrary files via OCRLanguage (e.g., using debug_file /tmp/out and user_patterns_file /etc/passwd). The vulnerability...

OPENSUSE-SU-2024:14090-1 ghostscript-10.03.1-1.1 on GA media

These are all security issues fixed in the ghostscript-10.03.1-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE: Security Advisory (SUSE-SU-2024:2276-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...