CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

CVE-2024-53863

CVE-2024-53863 affects Synapse prior to 1.120.1. Enabling dynamic_thumbnails or handling a crafted request could trigger decoding/thumbnail generation of uncommon image formats, potentially invoking external decoders (e.g., Ghostscript) and expanding the attack surface. The vulnerability is mitig...

CVE-2024-53863 Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders

Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...

PT-2024-35961 · Unknown +3 · Ghostscript +3

Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.120.1 Description: Synapse is an open-source Matrix homeserver. Enabling the dynamic thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image...

Debian: Security Advisory (DLA-3965-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3965-1] ghostscript security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3965-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk November 24, 2024 https://wiki.debian.org/LTS -...

DLA-3965-1 ghostscript - security update

Bulletin has no description...

Debian dla-3965 : ghostscript - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3965 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3965-1 [email protected]...

Astra Linux - уязвимость в ghostscript

An issue was discovered in pdf/pdfxref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...

Astra Linux - уязвимость в ghostscript

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters...

Astra Linux - уязвимость в ghostscript

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

Astra Linux - уязвимость в ghostscript

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...

OESA-2024-2458 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code...

OESA-2024-2457 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and...

OESA-2024-2456 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and...

OESA-2024-2455 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and...

OESA-2024-2454 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and...

Fedora: Security Advisory (FEDORA-2024-b1877232ce)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: ghostscript-10.03.1-4.fc41

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...