EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2022-1804)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pip...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2022-1723)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampleddatasample called from sampleddatacontinue and interp. CVE-2021-459...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2022-1723)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-3W4H-R27H-4R2W TYPO3 Image Processing susceptible to Code Execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary gs must be available on the...

TYPO3 Image Processing susceptible to Code Execution

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 is susceptible to remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. For a successful exploit, the GhostScript binary gs must be available on the...

Artifex Ghostscript Type Confusion Vulnerability

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile...

new packages: ghostscript

An update is available for ghostscript. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

Ubuntu 16.04 ESM : jbig2dec vulnerabilities (USN-5405-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5405-1 advisory. It was discovered that jbig2dec incorrectly handled memory when parsing invalid files. An attacker could use this issue to cause jbig2dec to crash, leadi...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2022-1693)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Authorization Bypass

ghostscript is vulnerable to authorization bypass. An attacker is able to access privileged operators using a malicious PostScript file to gain access to the file system outside of the contraints imposed by the -dSAFER option. This vulnerability exists after applying the fix for CVE-2019-3839...

EulerOS Virtualization 3.0.2.0 : ghostscript (EulerOS-SA-2022-1693)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampleddatasample called from sampleddatacontinue and interp...

Debian: Security Advisory (DLA-2989-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2989-1 : ghostscript - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2989 advisory. - Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. CVE-2019-25059 - It was found...

[SECURITY] [DLA 2989-1] ghostscript security update

Debian LTS Advisory DLA-2989-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 01, 2022 https://wiki.debian.org/LTS Package : ghostscript Version : 9.26adfsg-0+deb9u9 CVE ID : CVE-2019-25059 A security vulnerability was found in Ghostscript, the GPL...

DLA-2989-1 ghostscript - security update

Bulletin has no description...

Ubuntu: Security Advisory (USN-5396-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5396-1 ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service...

USN-5396-1: Ghostscript vulnerability

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service...

Ubuntu 18.04 LTS : Ghostscript vulnerability (USN-5396-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5396-1 advisory. It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted...

CVE-2019-25059

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839...