Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2020-1059)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SRC-2019-0068 : Adobe Acrobat Pro DC Type 2 Charstring put Out-of-Bounds Write Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

Artifex Software Ghostscript Sandbox Bypass Vulnerability

Artifex Software Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...

Ubuntu Ghostscript Failed Fix

Ubuntu: incomplete fix for CVE-2018-16510 This Ubuntu advisory claims to fix CVE-2018-16510: https://usn.ubuntu.com/3768-1/ That does not appear to be true. The root cause of CVE-2018-16510 was that a bunch of procedures were in userdict that should have been executeonly, but were not. In...

ghostscript: LockDistillerParams type confusion (699656)

It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document...

Artifex Ghostscript Code Injection Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

Artifex Ghostscript Code Execution Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

CVE-2017-18237

An issue was discovered in Exempi before 2.4.3. The PostScriptSupport::ConvertToDate function in XMPFiles/source/FormatSupport/PostScriptSupport.cpp allows remote attackers to cause a denial of service invalid pointer dereference and application crash via a crafted .ps file...

Artifex Ghostscript Denial of Service Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

DEBIAN-CVE-2013-5653

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file...

Hacking Printers Advisory 1

TL;DR: In the scope of academic research on printer security, various vulnerabilities in network printers and MFPs have been discovered. This is advisory 1 of 6 of the Hacking Printers' series. Each advisory discusses multiple issues of the same category. This post is about manipulating and...

UBUNTU-CVE-2015-3228

Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...

AntiWord symbolic links problem

Word to Postscript document convertation insecure temporary file creation...

Debian DSA-179-1 : gnome-gv - buffer overflow

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in gnome-gv. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrar...

RHEL 2.1 : ghostscript (RHSA-2002:123)

Updated packages are available for GNU Ghostscript, which fix a vulnerability found during PostScript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary...

DSA-182 kdegraphics - buffer overflow

Bulletin has no description...

DSA-176 gv - buffer overflow

Bulletin has no description...

CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...

CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...