
5485 matches found

Veracode
added 2024/12/06 6:41 a.m. · 6 views

Arbitrary File Upload

Synapse is vulnerable to Arbitrary File Upload. The vulnerability is due to improper handling of uncommon image formats during thumbnail generation, which could invoke external tools like Ghostscript, increasing the risk of exploitation...

CVSS 9.1 · AI score 6.5 · EPSS 0.00612
Exploits 0 · References 2 · Affected Software 3
OpenVAS
added 2024/12/06 12:0 a.m. · 27 views

Ubuntu: Security Advisory (USN-7138-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 7 · EPSS 0.00388
Exploits 0 · References 2
Ubuntu
added 2024/12/05 1:43 p.m. · 9 views

USN-7138-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8 · AI score 7.2 · EPSS 0.00388
Exploits 0
OSV
added 2024/12/05 1:43 p.m. · 9 views

USN-7138-1 ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8 · AI score 7.3 · EPSS 0.00388
Exploits 0 · References 5
Tenable Nessus
added 2024/12/05 12:0 a.m. · 14 views

Ubuntu 16.04 LTS / 18.04 LTS : Ghostscript vulnerabilities (USN-7138-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7138-1 advisory. It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to cause Ghostscript to...

CVSS 7.8 · AI score 7 · EPSS 0.00388
Exploits 0 · References 5
Vulnrichment
added 2024/12/03 4:48 p.m. · 14 views

CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

CVSS 8.2 · AI score 6.7 · EPSS 0.00612
Exploits 0 · References 1
Cvelist
added 2024/12/03 4:48 p.m. · 28 views

CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

CVSS 8.2 · EPSS 0.00612
Exploits 0 · References 1
CVE
added 2024/12/03 4:48 p.m. · 78 views

CVE-2024-53863

CVE-2024-53863 affects Synapse prior to 1.120.1. Enabling dynamic_thumbnails or handling a crafted request could trigger decoding/thumbnail generation of uncommon image formats, potentially invoking external decoders (e.g., Ghostscript) and expanding the attack surface. The vulnerability is mitig...

CVSS 9.1 · AI score 6.4 · EPSS 0.00612
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/12/03 4:48 p.m. · 17 views

CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

CVSS 8.2 · AI score 6.2 · EPSS 0.00612
Exploits 0 · References 3
Positive Technologies
added 2024/12/03 12:0 a.m. · 2 views

PT-2024-35961 · Unknown +3 · Ghostscript +3

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.120.1 Description: Synapse is an open-source Matrix homeserver. Enabling the dynamic thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image...

CVSS 8.7 · AI score 5.8 · EPSS 0.01463
Exploits 0 · References 37
OpenVAS
added 2024/11/25 12:0 a.m. · 28 views

Debian: Security Advisory (DLA-3965-1)

The remote host is missing an update for the Debian...

CVSS 7.8 · AI score 7.1 · EPSS 0.00388
Exploits 0 · References 2
Debian
added 2024/11/24 9:59 p.m. · 9 views

[SECURITY] [DLA 3965-1] ghostscript security update

Debian LTS Advisory DLA-3965-1 · https://www.debian.org/lts/security/ · Adrian Bunk · November 24, 2024 · https://wiki.debian.org/LTS ...

CVSS 7.8 · AI score 6.6 · EPSS 0.00388
Exploits 0
OSV
added 2024/11/24 12:0 a.m. · 18 views

DLA-3965-1 ghostscript - security update

Bulletin has no description...

CVSS 7.8 · AI score 6.5 · EPSS 0.00388
Exploits 0
Tenable Nessus
added 2024/11/24 12:0 a.m. · 16 views

Debian dla-3965 : ghostscript - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3965 advisory. Debian LTS Advisory DLA-3965-1...

CVSS 7.8 · AI score 6.8 · EPSS 0.00388
Exploits 0 · References 10
AstraLinux
added 2024/11/23 3:4 a.m. · 3 views

Astra Linux - vulnerability in ghostscript

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters...

CVSS 5.4 · AI score 7.5 · EPSS 0.00717
Exploits 0 · References 3
AstraLinux
added 2024/11/23 3:4 a.m. · 2 views

Astra Linux – Vulnerability in GhostScript

An issue was discovered in psi/zcolor.c in Artifex Ghostscript prior to version 10.04.0. An unchecked Implementation pointer in the Pattern color space could lead to arbitrary code execution...

CVSS 7.8 · AI score 7.6 · EPSS 0.00356
Exploits 0 · References 3
AstraLinux
added 2024/11/23 3:4 a.m. · 3 views

Astra Linux - vulnerability in ghostscript

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

CVSS 8.4 · AI score 7.5 · EPSS 0.00316
Exploits 0 · References 3
AstraLinux
added 2024/11/23 3:4 a.m. · 3 views

Astra Linux - vulnerability in ghostscript

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle...

CVSS 8.8 · AI score 7.2 · EPSS 0.01446
Exploits 0 · References 3
AstraLinux
added 2024/11/23 3:4 a.m. · 2 views

Astra Linux - vulnerability in ghostscript

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name...

CVSS 8.8 · AI score 7.5 · EPSS 0.00909
Exploits 0 · References 3
OSV
added 2024/11/22 2:23 p.m. · 2 views

OESA-2024-2458 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code...

CVSS 8.8 · AI score 8 · EPSS 0.01425
Exploits 0 · References 2