Arbitrary Code Execution

ghostscript is vulnerable to Arbitrary Code Execution. The vulnerability exists as multiple integer overflow flaws which could lead to heap-based buffer overflows...

Arbitrary Code Execution

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token

Detailed Report: https://oss-fuzz.com/testcase?key=5109631614713856 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: gsscantoken tokenexeccontinue...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in gs_scan_token

Detailed Report: https://oss-fuzz.com/testcase?key=6257668319870976 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: gsscantoken interp gscallinterp...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in gp_pwrite_impl

Detailed Report: https://oss-fuzz.com/testcase?key=5730542504116224 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: gppwriteimpl clistfwritechars...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in gx_dc_ht_colored_read

Detailed Report: https://oss-fuzz.com/testcase?key=5749745906876416 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: gxdchtcoloredread...

ghostscript:gstoraster_fuzzer: Use-of-uninitialized-value in s_A85D_process

Detailed Report: https://oss-fuzz.com/testcase?key=5705537925939200 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzermsanghostscript Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: sA85Dprocess gsscantoken interp...

ImageMagick security, bug fix, and enhancement update

autotrace 0.31.1-38 - Resolves: 1765205 rebuild against new IM emacs 1:24.3-23 - Resolves: 1765208 rebuild against new IM ImageMagick 6.9.10.68-3 - Fixing freeze when svg file contains class='' 6.9.10.68-2 - Fixed ghostscript fonts, fixed multilib conflicts 6.9.10.68-1 - Rebase to 6.9.10.68...

EulerOS Virtualization for ARM 64 3.0.6.0 : ghostscript (EulerOS-SA-2020-1348)

According to the versions of the ghostscript packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did n...

GLSA-202004-03 : GPL Ghostscript: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202004-03 GPL Ghostscript: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user t...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1348)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GPL Ghostscript: Multiple vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to process a specially craft...

ghostscript:gstoraster_fuzzer: Segv on unknown address in s_DCTD_process

Detailed Report: https://oss-fuzz.com/testcase?key=5631964637036544 Project: ghostscript Fuzzing Engine: libFuzzer Fuzz Target: gstorasterfuzzer Job Type: libfuzzerasanghostscript Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: sDCTDprocess sreadbuf...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1306)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2020-1306)

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The InsMIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service heap-based...

PT-2020-6958 · Artifex +1 · Ghostscript +1

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 9.53.0 Description: The issue is related to an out-of-bounds write and use-after-free in the devices/vector/gdevtxtw.c component of Ghostscript, specifically affecting the txtwrite functionality. This...

EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2020-1240)

According to the versions of the ghostscript package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1240)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 Security Update : gimp (SUSE-SU-2020:0601-1)

This update for gimp fixes the following issues : Fix for crashing due to segmentation fault caused by importing ghostscript files. bsc1161998 Security issues fixed: CVE-2017-17785: Fixed an heap-based buffer overflow in FLI import bsc1073625 CVE-2017-17786: Fixed an out-of-bounds read in TGA...

EulerOS 2.0 SP8 : ghostscript (EulerOS-SA-2020-1150)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privilege...