
5485 matches found

Debian CVE
added 2024/07/03 12:0 a.m., 23 views

CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle...

8.8 CVSS, 6.9 AI score, 0.01446 EPSS
Exploits: 0

Debian CVE
added 2024/07/03 12:0 a.m., 33 views

CVE-2024-29511

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd...

7.5 CVSS, 6.6 AI score, 0.01137 EPSS
Exploits: 0

Debian CVE
added 2024/07/03 12:0 a.m., 26 views

CVE-2024-29508

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc...

3.3 CVSS, 6.6 AI score, 0.00375 EPSS
Exploits: 0

CVE
added 2024/07/03 12:0 a.m., 348 views

CVE-2024-29511

CVE-2024-29511 affects Artifex Ghostscript before 10.03.1. When Tesseract OCR is used, it allows a directory traversal that reads arbitrary files and can write error messages to arbitrary files via OCRLanguage (e.g., using debug_file /tmp/out and user_patterns_file /etc/passwd). The vulnerability...

7.5 CVSS, 7.1 AI score, 0.01137 EPSS
Exploits: 0, References: 3, Affected Software: 1

Fedora
added 2024/07/02 8:16 p.m., 22 views

[SECURITY] Fedora 40 Update: ghostscript-10.02.1-10.fc40

This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...

6.3 CVSS, 7 AI score, 0.27974 EPSS
Exploits: 6

OSV
added 2024/07/02 2:45 p.m., 12 views

SUSE-SU-2024:2276-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path (bsc#1226945). - CVE-2024-33870: Fixed a format string injection that could lead to command execution (bsc#1226944). - CVE-2024-33869: Fixed a path validation...

6.3 CVSS, 6.7 AI score, 0.27974 EPSS
Exploits: 6, References: 7

OSV
added 2024/07/02 2:11 p.m., 21 views

RLSA-2024:3999 Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...

8.8 CVSS, 9.1 AI score, 0.01425 EPSS
Exploits: 0, References: 2

Rockylinux
added 2024/07/02 2:11 p.m., 26 views

ghostscript security update

An update is available for ghostscript. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Ghostscript suite contains utilities for rendering PostScript and PDF...

8.8 CVSS, 7.2 AI score, 0.01425 EPSS
Exploits: 0

OSV
added 2024/07/02 2:10 p.m., 21 views

RLSA-2024:4000 Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...

8.8 CVSS, 9.1 AI score, 0.01425 EPSS
Exploits: 0, References: 2

Rockylinux
added 2024/07/02 2:10 p.m., 21 views

ghostscript security update

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Ghostscript suite contains utilities for rendering PostScript and PDF...

8.8 CVSS, 7.2 AI score, 0.01425 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/02 12:0 a.m., 18 views

Rocky Linux 9 : ghostscript (RLSA-2024:3999)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3999 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871). Tenable has extracted the preceding description block directly from th...

8.8 CVSS, 8.6 AI score, 0.01425 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2024/07/02 12:0 a.m., 20 views

Rocky Linux 8 : ghostscript (RLSA-2024:4000)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4000 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871). Tenable has extracted the preceding description block directly from th...

8.8 CVSS, 8.6 AI score, 0.01425 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2024/07/02 12:0 a.m., 19 views

Fedora 40 : ghostscript (2024-f433c5c4da)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f433c5c4da advisory. Security fixes for CVE-2024-33870, CVE-2024-29510. Tenable has extracted the preceding description block directly from the Fedora security advisory...

6.3 CVSS, 7 AI score, 0.27974 EPSS
Exploits: 6, References: 3

OpenVAS
added 2024/06/29 12:0 a.m., 19 views

openSUSE Security Advisory (SUSE-SU-2024:2198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.9 AI score, 0.01425 EPSS
Exploits: 0, References: 4

AstraLinux
added 2024/06/26 1:32 p.m., 1 views

Astra Linux - vulnerability in ghostscript

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...

5.3 CVSS, 7.3 AI score, 0.00447 EPSS
Exploits: 0, References: 3

AstraLinux
added 2024/06/26 1:32 p.m., 3 views

Astra Linux – Vulnerability in GhostScript

An issue was discovered in Artifex Ghostscript prior to version 10.03.1. The file contrib/opvp/gdevopvp.c allows for arbitrary code execution through a custom Driver library, which can be exploited using a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp...

8.8 CVSS, 8.3 AI score, 0.01425 EPSS
Exploits: 0, References: 3

AstraLinux
added 2024/06/26 1:32 p.m., 1 views

Astra Linux - vulnerability in ghostscript

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...

6.3 CVSS, 7 AI score, 0.00515 EPSS
Exploits: 0, References: 3

AstraLinux
added 2024/06/26 1:32 p.m., 3 views

Astra Linux – Vulnerability in GhostScript

Artifex Ghostscript prior to version 10.03.1 allows for memory corruption, and enables SAFER sandbox bypass, through format string injection using a uniprint device...

6.3 CVSS, 6.8 AI score, 0.27974 EPSS
Exploits: 6, References: 3

OpenVAS
added 2024/06/26 12:0 a.m., 26 views

SUSE: Security Advisory (SUSE-SU-2024:2198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.9 AI score, 0.01425 EPSS
Exploits: 0, References: 4

OpenVAS
added 2024/06/26 12:0 a.m., 15 views

SUSE: Security Advisory (SUSE-SU-2024:2199-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.9 AI score, 0.01425 EPSS
Exploits: 0, References: 4