SUSE SLES12 Security Update : ghostscript (SUSE-SU-2023:3938-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3938-1 advisory. - In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because...

Important: ghostscript

Issue Overview: In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS...

CVE-2023-43115

A vulnerability was found in Artifex Ghostscript in gdevijs.c, allows a malicious remote attacker to perform remote code execution via crafted PostScript documents...

ALPINE-CVE-2023-4504

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023...

CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...

Remote code execution

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...

CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...

CVE-2023-43115

Ghostscript/GhostPDL (gdevijs.c) vulnerability (CVE-2023-43115) allows remote code execution via crafted PostScript documents after SAFER is activated, by switching to the IJS device or altering the IjsServer parameter. Affected are Ghostscript versions up to 10.01.2; the issue can be triggered w...

CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...

CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...

Arbitrary Command Execution

ghostscript is vulnerable to arbitrary command execution. An incomplete fix for CVE-2018-16509 allows an attacker to exploit another variant of the vulnerability and bypass the -dSAFER protection to execute arbitrary command via malicious PostScript documents...

Серьезная дырка в LPR (PostScript shell execution & grog)

При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...

CVE-1999-1062

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100...