PT-2019-6413 · Artifex +3 · Artifex Ghostscript +3
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript version 9.50 Description: The issue is related to a Buffer Overflow vulnerability in the clj media size function in the devices/gdevclj.c component. This vulnerability can be exploited by remote attackers via the opening o...
PT-2019-6414 · Artifex +7 · Ghostscript +7
Name of the Vulnerable Software and Affected Versions: Ghostscript affected versions not specified Description: The issue is related to a heap-based buffer overwrite vulnerability in the lp8000 print page function of the gdevlp8k.c component. This flaw can be exploited by an attacker who tricks a...
[ASA-201911-5] ghostscript: sandbox escape
Arch Linux Security Advisory ASA-201911-5. Severity: High. Date: 2019-11-03. CVE-ID: CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817. Package: ghostscript. Type: sandbox escape. Remote: No. Link: https://security.archlinux.org/AVG-1031 Summary...
Artifex Ghostscript < 9.50 Multiple Vulnerabilities
The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.50. It is, therefore, affected by multiple security bypass vulnerabilities. An attacker could exploit one of these vulnerabilities to gain access to the file system and execute arbitrary commands. C Tenable...
CVE-2018-16585
DISPUTED: An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0203)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to...
CVE-2018-15911
It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document...
CVE-2018-19134
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...
CVE-2018-16802
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...
CVE-2018-19477
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509:...
CVE-2018-19475
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509:...
CVE-2018-15909
It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...
Fedora 31 : ghostscript (2019-0a9d525d71)
rebase to latest upstream version 9.27 - security fixes added for : - CVE-2019-14811 bug 1747908 - CVE-2019-14812 bug 1747907 - CVE-2019-14813 bug 1747906 - CVE-2019-14817 bug 1747909 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
openSUSE Security Update : ghostscript (openSUSE-2019-2222)
This update for ghostscript fixes the following issues : Security issues fixed : - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. bsc1129180 - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators...
Fedora Update for ghostscript FEDORA-2019-ebd6c4f15a
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : ghostscript (openSUSE-2019-2223)
This update for ghostscript fixes the following issues : Security issues fixed : - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. bsc1129180 - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators...
openSUSE: Security Advisory for ghostscript (openSUSE-SU-2019:2222-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2019:2223-1 Security update for ghostscript
This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. bsc1129180 - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators...
OPENSUSE-SU-2019:2222-1 Security update for ghostscript
This update for ghostscript fixes the following issues: Security issues fixed: - CVE-2019-3835: Fixed an unauthorized file system access caused by an available superexec operator. bsc1129180 - CVE-2019-3839: Fixed an unauthorized file system access caused by available privileged operators...
Fedora 29 : ghostscript (2019-ebd6c4f15a)
rebase to latest upstream version 9.27 - security fixes added for : - CVE-2019-14811 bug 1747908 - CVE-2019-14812 bug 1747907 - CVE-2019-14813 bug 1747906 - CVE-2019-14817 bug 1747909 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...