Debian DSA-4569-1 : ghostscript - security update

Manfred Paul and Lukas Schauer reported that the .charkeys procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. C Tenable Network Security, Inc. The descriptive te...

Debian: Security Advisory (DLA-1992-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-4569-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4193-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4569-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4569-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 14, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4569-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4569-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 14, 2019 https://www.debian.org/security/faq -...

ghostscript: -dSAFER escape in .charkeys (701841)

A flaw was found in the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

USN-4193-1 ghostscript vulnerability

Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause...

USN-4193-1: Ghostscript vulnerability

Paul Manfred and Lukas Schauer discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause...

CVE-2019-14869

A flaw was found in the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access...

CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...

UBUNTU-CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...

DSA-4569-1 ghostscript - security update

Bulletin has no description...

DLA-1992-1 ghostscript - security update

Bulletin has no description...

EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2151)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to...

The vulnerability of the fill_threshhold_buffer function (base/gxht_thresh.c) in the software for processing, transforming, and generating Ghostscript documents allows a perpetrator to execute arbitrary code or cause service interruptions.

The vulnerability of the fillthreshholdbuffer function in the software suite for processing, transforming, and generating Ghostscript documents is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2242)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in, ghostscript versions prior to 9.28, in the .pdfhookDSCCreator procedure where it did not properly secure its privilege...

Artifex Ghostscript CVE-2019-14869 Remote Privilege Escalation Vulnerability

Description Ghostscript is prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges and access arbitrary files or execute arbitrary commands on the affected system. Versions prior to Ghostscript 9.50 are vulnerable. Technologies...

PT-2019-6412 · Artifex +7 · Ghostscript +7

Name of the Vulnerable Software and Affected Versions: GhostScript version 9.50 Description: A divide by zero issue in the eps print page function of the gdevepsn.c component allows remote attackers to cause a denial of service via the opening of a crafted PDF file. This issue can be exploited by...