Denial Of Service (DoS)

ghostscript is vulnerable to denial of service DoS. The vulnerability exists as the memgetbitsrectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted file...

SUSE-SU-2020:1212-1 Security update for ghostscript

This update for ghostscript to version 9.52 fixes the following issues: - CVE-2020-12268: Fixed a heap-based buffer overflow in jbig2imagecompose bsc1170603...

EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1549)

According to the versions of the ghostscript package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1549)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the built-in PDF converter in the Ghostscript software, which is used for processing, transforming, and generating documents, allows a hacker to trigger a system failure.

The vulnerability of the embedded PDF converter in the Ghostscript software for document processing, conversion, and generation is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially crafted PostScript...

The vulnerability of the .tempfile component in the software suite for processing, transforming, and generating Ghostscript documents allows a perpetrator to circumvent the dSAFER protection mechanism, delete files, or gain unauthorized access to protected information.

The vulnerability of the .tempfile component in the software for processing, transforming, and generating Ghostscript documents is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass the dSAFER protection, delete files, or gain unauthorized...

The vulnerability of the `setdistillerkeys` command in the software for processing, transforming, and generating Ghostscript documents allows a perpetrator to trigger a service failure.

The vulnerability of the setdistillerkeys command in the software for processing, transforming, and generating Ghostscript documents is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to trigger a service failure using a...

The vulnerability of the .charkeys procedure in the PostScript/PDF Ghostscript interpreter allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the .charkeys procedure in the PostScript/PDF Ghostscript interpreter is related to a security protection flaw that allows scripts to bypass the "-dSAFER" restriction. Exploiting this vulnerability can enable an attacker operating remotely to gain access to confidential data,...

EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2020-1499)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1499)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in s_exD_process

Detailed Report: https://oss-fuzz.com/testcase?key=5645873112678400 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: sexDprocess sreadbuf sgets...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in c_pdf14trans_clist_read_update

Detailed Report: https://oss-fuzz.com/testcase?key=5733777335910400 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: cpdf14transclistreadupdate...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript...

Denial Of Service (DoS)

ghostscript is vulnerable to Denial of Service DoS. The vulnerability exists as the flaw was found in the way Ghostscript interpreted PostScript Type 1 and PostScript Type 2 font files. An attacker could create a specially-crafted PostScript Type 1 or PostScript Type 2 font file that, when...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as it was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the curren...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or,...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript's International Color Consortium Format library icclib. Using specially-crafted ICC profiles, an attacker...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when open...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when open...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when open...