The vulnerability of the software for processing, transforming, and generating documents using Ghostscript is related to implementation errors in security checks for standard elements. This allows a perpetrator to circumvent security restrictions.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...

ghostscript security update

CentOS Errata and Security Advisory CESA-2018:3834 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Artifex Software Ghostscript Type Obfuscation Vulnerability

Artifex Software Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...

CentOS 7 : ghostscript (CESA-2018:3834)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Oracle Linux 7 : ghostscript (ELSA-2018-3834)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3834 advisory. - Resolves: 1654621 - CVE-2018-16541 ghostscript: incorrect free logic in pagedevice replacement 699664 - Resolves: 1650210 - CVE-2018-17183 ghostscrip...

CentOS Update for ghostscript CESA-2018:3834 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for ghostscript CESA-2018:3650 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for ghostscript (openSUSE-SU-2018:4140-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for ghostscript (openSUSE-SU-2018:4140-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 7 : ghostscript (RHSA-2018:3834)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3834 advisory. - ghostscript: Uninitialized memory access in the aesdecode operator 699665 CVE-2018-15911 - ghostscript: Incorrect free logic in pagedevice...

openSUSE: Security Advisory for ghostscript (openSUSE-SU-2018:4138-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS Update for ghostscript CESA-2018:3761 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for ghostscript (openSUSE-SU-2018:4138-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

ghostscript: Saved execution stacks can leak operator arrays

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...

ghostscript: Uninitialized memory access in the aesdecode operator (699665)

It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document...

ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183)

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...

ghostscript: Type confusion in setpattern (700141)

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

ghostscript: User-writable error exception table

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c

An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used...

ghostscript: 1Policy operator allows a sandbox protection bypass

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator...