RHEL 8 : ghostscript (RHSA-2024:4537)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4537 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

RHEL 9 : ghostscript (RHSA-2024:4541)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4541 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Ghostscript vulnerabilities (USN-6897-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6897-1 advisory. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue t...

RHEL 8 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ghostscript: Mishandling of .completefont incomplete fix for CVE-2019-3839 CVE-2019-25059 - Ghostscript...

RHEL 9 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ghostscript: Mishandling of .completefont incomplete fix for CVE-2019-3839 CVE-2019-25059 Note that Nessus has not...

ghostscript: OPVP device arbitrary code execution via custom Driver library

A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

Artifex Software Ghostscript Directory Traversal Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

RHEL 8 : ghostscript (RHSA-2024:4462)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4462 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

openSUSE Security Advisory (SUSE-SU-2024:2292-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

PoC exploit for CVE-2024-29510, a Ghostscript format string vuln...

[SECURITY] Fedora 39 Update: ghostscript-10.02.1-5.fc39

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

Fedora 39 : ghostscript (2024-c45c747f02)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c45c747f02 advisory. Security fixes for CVE-2024-33870, CVE-2024-29510 ---- Fix for issues in gating ---- Security fix for CVE-2024-33871 Tenable has extracted the...

SUSE CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...

SUSE CVE-2024-29507

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters...

SUSE CVE-2024-29508

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in the function pdfbasefontalloc...

SUSE CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

SUSE CVE-2024-29511

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debugfile /tmp/out and userpatternsfile /etc/passwd...

The vulnerability in the `contrib/opvp/gdevopvp.c` file of the software interpreter for processing, transforming, and generating Ghostscript documents allows a hacker to execute arbitrary code.

The vulnerability of the contrib/opvp/gdevopvp.c component of the software interpreter for processing, transforming, and generating Ghostscript documents exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

The vulnerability of the interpreter for Ghostscript software, which handles the processing, conversion, and generation of documents, relates to the execution of operations beyond the buffer boundaries in memory. This vulnerability allows an attacker to escape from the isolated software environment.

The vulnerability of the interpreter for software used to process, transform, and generate Ghostscript documents is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to escape from the isolated software environment...