CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

libjpeg: information leak (read of uninitialized memory)

The getsos function in jdmarker.c in 1 libjpeg 6b and 2 libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers,...

DEBIAN-CVE-2013-6629

The getsos function in jdmarker.c in 1 libjpeg 6b and 2 libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers,...

CVE-2013-6629

The getsos function in jdmarker.c in 1 libjpeg 6b and 2 libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers,...

CVE-2013-6629

The getsos function in jdmarker.c in 1 libjpeg 6b and 2 libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers,...

CVE-2013-6629

The getsos function in jdmarker.c in 1 libjpeg 6b and 2 libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers,...

PT-2018-13778 · Artifex +3 · Ghostscript +3

Name of the Vulnerable Software and Affected Versions: ghostscript version 9.07 Description: An issue was discovered where a previous fix did not fully address the problem, allowing an attacker to potentially exploit a variant of the flaw. This could enable the bypassing of the -dSAFER protection...

CVE-2013-4276

Multiple stack-based buffer overflows in LittleCMS aka lcms or liblcms 1.19 and earlier allow remote attackers to cause a denial of service crash via a crafted 1 ICC color profile to the icctrans utility or 2 TIFF image to the tiffdiff utility...

Debian: Security Advisory (DSA-2595-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 2595-1 (ghostscript - integer overflow)

Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb25951.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2595-1 using nvtgen 1.0 Script version: 1.0...

Amazon Linux AMI : ghostscript (ALAS-2012-42)

An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. CVE-2009-3743 It was found that Ghostscript alwa...

Amazon Linux AMI : ghostscript (ALAS-2012-127)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library icclib. An attacker could create a specially crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execu...

Ubuntu: Security Advisory (USN-1911-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for ghostscript USN-1911-2

Check for the Version of ghostscript OpenVAS Vulnerability Test $Id: gbubuntuUSN19112.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for ghostscript USN-1911-2 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Ubuntu 13.04 : ghostscript vulnerability (USN-1911-2)

USN-1911-1 fixed vulnerabilities in Little CMS. This update provides the corresponding updates for Ghostscript. It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, ...

USN-1911-2: Ghostscript vulnerability

USN-1911-1 fixed vulnerabilities in Little CMS. This update provides the corresponding updates for Ghostscript. Original advisory details: It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening...

Oracle Linux 5 / 6 : ghostscript (ELSA-2012-1256)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1256 advisory. 8.70-14:.1 - Added inputChan lower-bounds checking to icclib bug 854227, CVE-2012-4405. Tenable has extracted the preceding description block directly from...

Oracle Linux 5 / 6 : ghostscript (ELSA-2012-0095)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0095 advisory. - Applied upstream fix to last patch CVE-2010-4054, bug 646086. - Applied patch to prevent null pointer dereference CVE-2010-4054, bug 646086. -...

Oracle Linux 3 / 4 : ghostscript (ELSA-2009-0420)

From Red Hat Security Advisory 2009:0420 : Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ghostscript is a set of software...

Oracle Linux 4 : ghostscript (ELSA-2012-0096)

From Red Hat Security Advisory 2012:0096 : Updated ghostscript packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...