Sandbox Restrictions Bypass

Artifex Ghostscript is vulnerable to sandbox restrictions bypass attacks. This allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...

Denial Of Service (DoS)

Ghostscript is vulnerable to denial of serviceDoS attacks. This is because the ghostscript device cleanup does not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code...

Arbitrary Code Execution

Artifex Ghostscript is vulnerable to arbitrary code execution. This is because incorrect restoration of privilege checking when running out of stack during exception handling. An attacker could use this flaw to supply crafted PostScript to execute code using the pipe instruction...

Denial Of Service (DoS)

Ghostscript is vulnerable to denial of service DoS attacks. This is because the .type operator does not properly validate its operands. A remote attacker could supply crafted PostScript to crash the interpreter impacting the availability...

Information Disclosure

Ghostscript is vulnerable to information disclosure vulnerability. This is because the ghostscript does not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could disclose the content of affected files via a specially crafted PostScript document...

Denial Of Service (DoS) Or Remote Code Execution (RCE)

Ghostscript is vulnerable to denial of service DoS attacks. This is because the ghostscript .shfill operator did not properly validate certain types. An attacker could supply crafted PostScript files to crash the interpreter or potentially execute arbitrary code in ghostscript context...

Oracle Linux 7 : ghostscript (ELSA-2019-1017)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1017 advisory. - Resolves: 1673398 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116 Tenable has extracted the preceding description block...

Artifex Software Ghostscript Unauthorized Access Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

CentOS 7 : ghostscript (CESA-2019:1017)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

EulerOS Virtualization for ARM 64 3.0.1.0 : ghostscript (EulerOS-SA-2019-1384)

According to the versions of the ghostscript package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another...

EulerOS Virtualization 3.0.1.0 : ghostscript (EulerOS-SA-2019-1465)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript fil...

CentOS Update for ghostscript CESA-2019:1017 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4442-2] cups-filters regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4442-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4442-2] cups-filters regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4442-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 13, 2019 https://www.debian.org/security/faq -...

ghostscript security update

CentOS Errata and Security Advisory CESA-2019:1017 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Debian DSA-4442-1 : ghostscript - security update

A vulnerability was discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the -dSAFER sandbox being enabled. C Tenable Network Security, Inc. The descriptive text...

Debian: Security Advisory (DSA-4442-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4442-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4442-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2019 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4442-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4442-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2019 https://www.debian.org/security/faq -...

DSA-4442-1 ghostscript - security update

Bulletin has no description...