SUSE CVE-2021-43113

iTextPDF in iText 7 and up to excluding 4.4.13.3 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java...

SUSE CVE-2021-45944

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampleddatasample called from sampleddatacontinue and interp...

SUSE CVE-2021-45949

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampleddatafinish called from sampleddatacontinue and interp...

SUSE CVE-2022-2085

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an initdeviceprocs defined for the device that uses it as a prototype that depends upon the number of bits per...

SUSE SLES15 Security Update : ghostscript (SUSE-SU-2022:0088-3)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0088-3 advisory. - Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampleddatasample called from sampleddatacontinue and interp...

SUSE: Security Advisory (SUSE-SU-2022:0088-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2022:0088-3 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampleddatasample bsc1194303 - CVE-2021-45949: Fixed heap-based buffer overflow in sampleddatafinish bsc1194304...

PT-2023-35792 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A heap-use-after-free READ 2 crash type has been identified, involving functions such as gc trace, gs gc reclaim, and ireclaim. Recommendations: At the moment, there is no information...

Debian dla-3273 : libitext5-java - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3273 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3273-1 [email protected] https://www.debian.org/lts/security/...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2023-1088)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.6 : ghostscript (EulerOS-SA-2023-1088)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampleddatasample called from sampleddatacontinue and interp...

Amazon Linux 2022 : ghostscript (ALAS2022-2022-230)

The version of ghostscript installed on the remote host is prior to 9.56.1-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-230 advisory. - A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of...

PT-2022-36796 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

PT-2022-36793 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported with a type of UNKNOWN READ. The crash state includes functions such as chunk free object, ngx final DeviceN, and gs cspace...

GPL Ghostscript: Multiple Vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workarou...

GLSA-202211-11 : GPL Ghostscript: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202211-11 GPL Ghostscript: Multiple Vulnerabilities - A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a special...

PT-2022-36774 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow WRITE 7 crash type. The crash state involves several functions: bytes copy rectangle zero padding, cmd put...

NewStart CGSL MAIN 6.02 : ghostscript Multiple Vulnerabilities (NS-SA-2022-0096)

The remote NewStart CGSL host, running version MAIN 6.02, has ghostscript packages installed that are affected by multiple vulnerabilities: - A use after free was found in igcrelocstructptr of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a...

ghostscript bug fix and enhancement update

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...