5485 matches found
Oracle Linux 8 : ghostscript (ELSA-2019-2591)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2591 advisory. - Resolves: 1744010 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfhookDSCCreator 701445 - Resolves: 1744014 -...
[SECURITY] [DSA 4518-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4518-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2019 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4518-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4518-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2019 https://www.debian.org/security/faq -...
DSA-4518-1 ghostscript - security update
Bulletin has no description...
ALPINE-CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
DEBIAN-CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
Command injection
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
CVE-2019-14813
Ghostscript (before 9.50) contains a sandbox escape in the setsystemparams path that can bypass -dSAFER controls, potentially allowing access to the file system or execution of arbitrary commands via crafted PostScript. The issue is reported as CVE-2019-14813 and is addressed in upstream fixes (g...
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fil...
ghostscript security update
9.25-2.3 - Resolves: 1744010 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfhookDSCCreator 701445 - Resolves: 1744014 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams 701444 - Resolves: 1744005 - CVE-2019-14813 ghostscript: Safer...
ghostscript:gstoraster_fuzzer: Null-dereference READ with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5741557990293504 Project: ghostscript Fuzzing Engine: afl Fuzz Target: gstorasterfuzzer Job Type: aflasanghostscript Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: NULL Sanitizer: address ASAN...
Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20190903)
Security Fixes: - ghostscript: Safer mode bypass by .forceput exposure in .pdfhookDSCCreator 701445 CVE-2019-14811 - ghostscript: Safer mode bypass by .forceput exposure in setuserparams 701444 CVE-2019-14812 - ghostscript: Safer mode bypass by .forceput exposure in setsystemparams 701443...
DEBIAN-CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
DEBIAN-CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to...
ALPINE-CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to...
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...