ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files

Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content...

Low: Red Hat Security Advisory: ghostscript security, bug fix, and enhancement update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ghostscript security update

9.25-2.1 - Resolves: 1692798 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116 - Resolves: 1678170 - CVE-2019-3835 ghostscript: superexec operator is available 700585 - Resolves: 1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource is still accessible...

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-1731)

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ghostscript: missing attack vector protections for CVE-2019-6116 CVE-2019-3839 Note that Tenable Network Security has extracted the preceding...

The vulnerability of the PostScript Ghostscript file conversion program lies in the improper use of privileged APIs, allowing an attacker to gain access to the file system bypassing restrictions.

The vulnerability of the PostScript Ghostscript file conversion program is related to the improper use of privileged APIs. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the file system by circumventing the restrictions imposed by the -dSAFER option,...

USN-4034-1: ImageMagick vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could...

openSUSE Security Update : ImageMagick (openSUSE-2019-1683)

This update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage bsc1138464. - Fixed a file content disclosure via SVG and WMF decoding bsc1138425.- CVE-2019-11472: Fixed a denial of service in ReadXWDImag...

Security update for ImageMagick (moderate)

openSUSE Security Update: Security update for ImageMagick Announcement ID: openSUSE-SU-2019:1683-1 Rating: moderate References: 1133204 1133205 1133498 1133501 1134075 1135232 1135236 1136183 1136732 1138425 1138464 Cross-References: CVE-2017-12805 CVE-2017-12806 CVE-2019-10131 CVE-2019-11470...

SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1712-1)

This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-11597: Fixed a heap-based buffer over-read in the WriteTIFFImage bsc1138464. Fixed a file content disclosure via SVG and WMF decoding bsc1138425.- CVE-2019-11472: Fixed a denial of service in ReadXWDImage...

Ubuntu: Security Advisory (USN-4034-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS : ImageMagick vulnerabilities (USN-4034-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4034-1 advisory. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were...

SEMrush Plugs Remote Code Execution Bug in Its SaaS Platform

UPDATE Search engine optimization and analytics firm SEMrush patched a remote code execution vulnerability that allowed an attacker to send a malicious image to its service and generate a reverse shell, a typical first stage in a cyberattack. Public disclosure of the vulnerability was Monday when...

USN-4034-1: ImageMagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

USN-4034-1 imagemagick vulnerabilities

It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of th...

openSUSE Security Update : ImageMagick (openSUSE-2019-1603)

This update for ImageMagick fixes the following issues : Security issues fixed : - CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage bsc1133204. - CVE-2019-11470: Fixed a denial-of-service in ReadCINImage bsc1133205. - CVE-2019-11506: Fixed a heap-based buffer overflow in the...

openSUSE Security Update : netpbm (openSUSE-2019-1605)

This update for netpbm fixes the following issues : Security issues fixed : - CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack bsc1024288. - CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster function bsc1024291. - create netpbm-vulnerable subpackage and move...

SUSE SLED15 / SLES15 Security Update : ImageMagick (SUSE-SU-2019:1523-1)

This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage bsc1133204. CVE-2019-11470: Fixed a denial-of-service in ReadCINImage bsc1133205. CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage...

MGASA-2019-0188 Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

Artifex Ghostscript < 9.27 PostScript Security Bypass Vulnerability

The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.27. It is, therefore, affected by a security bypass vulnerability due to some privileged operators remained accessible from various places after the CVE-2019-6116 fix. An authenticated, remote attacker can explo...