5485 matches found
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to...
ALPINE-CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
Command injection
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
Command injection
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to...
CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to...
CVE-2019-14817
Ghostscript before version 9.50 is affected by sandbox escape flaws via multiple PostScript procedures, including .pdfexectoken, .pdf_hook_DSC_Creator, setuserparams, and setsystemparams, allowing bypass of -dSAFER and potential file-system access or command execution. Affected versions are befor...
CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to...
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
CVE-2019-14811
Summary: Ghostscript before version 9.50 contains sandbox-safety bypasses in multiple procedures, notably the ".pdf_hook_DSC_Creator" path, allowing crafted PostScript to bypass -dSAFER and potentially access the file system or execute commands. Other vulnerable entry points include ".forceput" e...
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
CVE-2019-14811
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...
Safer Restriction Bypass
ghostscript is vulnerable to safer restriction bypass. It is due to a falw in .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions...
Safer Restriction Bypass
Ghostscript is vulnerable to safer restriction bypass. The attack is possible due to a flaw of exposing .forceput in setuserparams2 when hooking errors...
Safer Restriction Bypass
Ghostscript is vulnerable to safer restriction bypass. The attack is possible due to a flaw of exposing .forceput in setsystemparams when hooking errors...
Safer Restriction Bypass
Ghostscript is vulnerable to safer restriction bypass. The attack is possible due to a flaw of exposing .forceput through .pdfhookDSCCreator when hooking errors, allowing an attacker to bypass the -dSAFER restrictions by sending a malicious PostScript file...
RHEL 8 : ghostscript (RHSA-2019:2591)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2591 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
RHEL 7 : ghostscript (RHSA-2019:2586)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2586 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...
Oracle Linux 7 : ghostscript (ELSA-2019-2586)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2586 advisory. - Resolves: 1744008 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfhookDSCCreator 701445 - Resolves: 1744012 -...