134 matches found
PT-2017-2153 · Microsoft · Office
Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2010 through 2016. Description: The issue exists due to insufficient input validation in Microsoft Office, allowing a remote attacker to execute arbitrary code. Exploitation can occur when a user opens a specially...
Ghostscript 9.20 - Filename Command Execution
Credits: John Page AKA hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt; ISR: ApparitionSec; Vendor: ghostscript.com; Product:...
FreeBSD : ghostscript -- denial of service (crash) via crafted Postscript files (fc1f6658-4f53-11e5-934b-002590263bf5)
MITRE reports: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or...
USN-2697-1 ghostscript vulnerability
William Robinet and Stefan Cornelius discovered that Ghostscript did not correctly handle certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code...
openSUSE Security Update : a2ps (openSUSE-SU-2014:0499-1)
a2ps was updated to fix a security issue: fixps called ghostscript without -dSAFER, enabling postscript files processed by fixps to execute code on the system (CVE-2014-0466).
CVE-2014-0466
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...
Printer Job Language Abuse Tool
#!/usr/bin/python2 """ printit.py - sends postscript files to printers. Never pay extortionate prices for printing again! Author: Darren "infodox" Martyn Twitter: @infodox Licence: WTFPL - wtfpl.net Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku Version: 20140109.1 Changes: Added ReadyMessage...
Debian DSA-2093-1 : ghostscript - several vulnerabilities
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4897 A buffer overflow was discovered that allows remote attackers to execute arbitrary code or cause a deni...
Mandrake Security Advisory MDVSA-2009:095 (ghostscript)
The remote host is missing an update to ghostscript announced via advisory MDVSA-2009:095.
[SECURITY] Fedora 10 Update: ghostscript-8.63-6.fc10
Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into ma...
DSA-1746-1 ghostscript gs-gpl - arbitrary code execution
Bulletin has no description...
PT-2009-3227 · Artifex +2 · Ghostscript +2
Name of the Vulnerable Software and Affected Versions: Ghostscript versions 8.64 and earlier; Argyll Color Management System (CMS) versions 1.0.3 and earlier. Description: The issue is related to multiple integer overflows in the ICC Format library, which can be exploited by context-dependent attacke...
Fedora Update for kdegraphics FEDORA-2007-2985
Check for the Version of kdegraphics
Debian Security Advisory DSA 293-1 (kdelibs)
The remote host is missing an update to kdelibs announced via advisory DSA 293-1.
[SECURITY] Fedora 7 Update: kdegraphics-3.5.8-7.fc7
Graphics applications for the K Desktop Environment, including kamera (digital camera support), kcoloredit (palette editor and color chooser), kdvi (displays TeX .dvi files), kghostview (displays postscript files), kiconedit (icon editor), kooka (scanner application), kpdf (displays PDF files), kruler (screen ruler an...
[SECURITY] Fedora 7 Update: kdegraphics-3.5.7-2.fc7
Graphics applications for the K Desktop Environment, including kamera (digital camera support), kcoloredit (palette editor and color chooser), kdvi (displays TeX .dvi files), kghostview (displays postscript files), kiconedit (icon editor), kooka (scanner application), kpdf (displays PDF files), kruler (screen ruler an...
Debian DSA-1021-1 : netpbm-free - insecure program execution
Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files...
DSA-981-1 bmv - integer overflow
Bulletin has no description...
Xerox WorkCentre Pro 32/40 Color PostScript Directory Traversal
Directory traversal on PostScript files processing...
Debian DSA-284-1 : kdegraphics - insecure execution
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...