CVE-2020-15900

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The ‘rsearch’ calculation for the ‘post’ size resulted in a size that was too large, and could underflow to max uint32t. This was fixed...

Ghostscript -- SAFER Sandbox Breakout

NVD reports: A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32t...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1738)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.6.0 : ghostscript (EulerOS-SA-2020-1738)

According to the version of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The InsMIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of servic...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph

Detailed Report: https://oss-fuzz.com/testcase?key=6276535945527296 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: loadtruetypeglyph TTLoadGlyph...

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2020-1658)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privilege...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1658)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in zcheck_r6_password

Detailed Report: https://oss-fuzz.com/testcase?key=5646279408615424 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: zcheckr6password interp...

PRET

The repository michaelxiaxc/PRET is a Printer Exploitation Toolkit that allows users to test the security of their printers. The tool connects to a device via network or USB and exploits the features of a given printer language, currently supporting PostScript, PJL, and PCL. The main idea of PRET...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in FAPI_FF_get_glyph

Detailed Report: https://oss-fuzz.com/testcase?key=5704898518974464 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: FAPIFFgetglyph getfapiglyphdata...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token

Detailed Report: https://oss-fuzz.com/testcase?key=5976920960532480 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: gsscantoken tokencontinue ztoke...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in get_fapi_glyph_data

Detailed Report: https://oss-fuzz.com/testcase?key=5170403420143616 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: getfapiglyphdata...

SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2020:1220-1)

This update for ghostscript to version 9.52 fixes the following issues : CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2imagecompose bsc1170603. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2020:1212-1)

This update for ghostscript to version 9.52 fixes the following issues : CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2imagecompose bsc1170603. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in s_exD_process

Detailed Report: https://oss-fuzz.com/testcase?key=5769684738899968 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: sexDprocess sreadbuf...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in load_truetype_glyph

Detailed Report: https://oss-fuzz.com/testcase?key=5668538569457664 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: loadtruetypeglyph TTLoadGlyph...

openSUSE Security Update : ghostscript (openSUSE-2020-653)

This update for ghostscript to version 9.52 fixes the following issues : - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2imagecompose bsc1170603. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and package...

openSUSE: Security Advisory for ghostscript (openSUSE-SU-2020:0653-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:0653-1 Security update for ghostscript

This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2imagecompose bsc1170603. This update was imported from the SUSE:SLE-15:Update update project...

Security update for ghostscript (important)

openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2020:0653-1 Rating: important References: 1170603 Cross-References: CVE-2020-12268 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...