
5485 matches found

Prion
added 2021/12/15 7:15 a.m. · 16 views

Command injection

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java...

CVSS 7.5 · AI score 9.5 · EPSS 0.05215
Exploits 1 · References 5 · Affected Software 2

OSV
added 2021/12/15 7:15 a.m. · 0 views

UBUNTU-CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java...

CVSS 9.8 · AI score 7.3 · EPSS 0.05215
Exploits 1 · References 3

Vulnrichment
added 2021/12/15 12:0 a.m. · 1 views

CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java...

AI score 5.4 · EPSS 0.05215
Exploits 1 · References 5

CVE
added 2021/12/15 12:0 a.m. · 129 views

CVE-2021-43113

The CVE-2021-43113 case concerns iTextPDF (iText 7 era) where the CompareTool filename handling interacts with Ghostscript, enabling a command injection via GhostscriptHelper.java. Affected products/versions: iTextPDF before 7.1.17 (up to but not including 4.4.13.3); the Debian/libitext5-java adv...

CVSS 9.8 · AI score 9.3 · EPSS 0.05215
Exploits 1 · References 5 · Affected Software 1

Cvelist
added 2021/12/15 12:0 a.m. · 19 views

CVE-2021-43113

iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java...

AI score 9.8 · EPSS 0.05215
Exploits 1 · References 5

Positive Technologies
added 2021/12/15 12:0 a.m. · 2 views

PT-2021-23745 · Unknown +1 · Ghostscript +1

Name of the Vulnerable Software and Affected Versions: iText versions prior to 7.1.17 Description: The issue allows command injection via a CompareTool filename that is mishandled on the gs aka Ghostscript command line in GhostscriptHelper.java. This can occur when a malicious filename is provide...

CVSS 9.8 · AI score 8.8 · EPSS 0.05215
Exploits 1 · References 24

BDU FSTEC
added 2021/11/25 12:0 a.m. · 2 views

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript is related to shortcomings in data transformation. This vulnerability allows an attacker to execute arbitrary commands and bypass security measures.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to deficiencies in the transformation of data types within the .rsdparams operator. Exploiting this vulnerability allows an attacker to execute arbitrary commands and bypass the .dSAFER...

CVSS 8.8 · AI score 7.4 · EPSS 0.96968
Exploits 7 · References 13 · Affected Software 3

Tenable Nessus
added 2021/10/29 12:0 a.m. · 38 views

Debian DLA-2796-1 : jbig2dec - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2796 advisory. Two issues have been found in jbig2dec, a JBIG2 decoder library. One issue is related to an overflow with a crafted image file. The other is related to a NULL...

CVSS 9.8 · AI score 6.6 · EPSS 0.03452
Exploits 2 · References 7

Tenable Nessus
added 2021/10/19 12:0 a.m. · 14 views

Solaris 10 (sparc) : 122259-10

SunOS 5.10: SunFreeware GNU ESP Ghostscript Patch. Date this patch was last updated by Sun: Oct/18/21. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...

AI score 7
Exploits 0 · References 1

Tenable Nessus
added 2021/10/19 12:0 a.m. · 10 views

Solaris 10 (x86) : 122260-10

SunOS 5.10x86: SunFreeware GNU ESP Ghostscript Patch. Date this patch was last updated by Sun: Oct/18/21. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...

AI score 7
Exploits 0 · References 1

OSV
added 2021/10/18 2:15 p.m. · 1 views

CVE-2021-24684

The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript...

CVSS 8.8 · AI score 6
Exploits 0 · References 1

NVD
added 2021/10/18 2:15 p.m. · 12 views

CVE-2021-24684

The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript...

CVSS 9 · EPSS 0.04268
Exploits 2 · References 1

Prion
added 2021/10/18 2:15 p.m. · 18 views

Command injection

The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript...

CVSS 9 · AI score 9.2 · EPSS 0.04268
Exploits 2 · References 1 · Affected Software 1

CNNVD
added 2021/10/18 12:0 a.m. · 2 views

WordPress plugin operating system command injection vulnerability

WordPress plugin is an open source application plugin for WordPress. Versions of the WordPress PDF Light Viewer plugin before 1.4.12 contain an operating system command injection vulnerability; an attacker can exploit it through OS command injection when Ghostscript is invoked on the...

CVSS 9 · AI score 8.4 · EPSS 0.04268
Exploits 2 · References 2

OpenVAS
added 2021/10/02 12:0 a.m. · 18 views

Fedora: Security Advisory for ghostscript (FEDORA-2021-49d98b15e7)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.9 · AI score 9.5 · EPSS 0.83913
Exploits 0 · References 2

Fedora
added 2021/09/24 8:53 p.m. · 31 views

[SECURITY] Fedora 35 Update: ghostscript-9.54.0-4.fc35

This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...

CVSS 9.9 · AI score 9.7 · EPSS 0.83913
Exploits 0

OpenVAS
added 2021/09/24 12:0 a.m. · 17 views

Fedora: Security Advisory for ghostscript (FEDORA-2021-be0a93fb15)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.9 · AI score 9.5 · EPSS 0.83913
Exploits 0 · References 2

Fedora
added 2021/09/23 7:30 p.m. · 46 views

[SECURITY] Fedora 33 Update: ghostscript-9.54.0-2.1.fc33

This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...

CVSS 9.9 · AI score 9.7 · EPSS 0.83913
Exploits 0

Mageia
added 2021/09/23 4:49 a.m. · 45 views

Updated ghostscript packages fix security vulnerability

Trivial -dSAFER bypass in 9.55. CVE-2021-3781...

CVSS 9.9 · AI score 2.1 · EPSS 0.83913
Exploits 0 · References 6

OSV
added 2021/09/23 4:49 a.m. · 8 views

MGASA-2021-0436 Updated ghostscript packages fix security vulnerability

Trivial -dSAFER bypass in 9.55. CVE-2021-3781...

CVSS 9.9 · AI score 9.5 · EPSS 0.83913
Exploits 0 · References 7