Design/Logic Flaw

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

CVE-2019-3839

Ghostscript (Artifex) is affected by CVE-2019-3839: after the CVE-2019-6116 fix, some privileged operators remain accessible from various PostScript contexts, allowing a crafted PostScript file to access the filesystem outside -dSAFER constraints. The issue affects Ghostscript versions before 9.2...

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

Access Restriction Bypass

The Ghostscript is vulnerable to access restriction bypass.Attacker can use malicious PostScript to trigger the attack since forceput in DefineResource is still accessible...

Access Restriction Bypass

The Ghostscript is vulnerable to access restriction bypass.Attacker can use malicious PostScript to trigger the attack since superexec operator is available...

Remote Code Execution (RCE)

Artifex Ghostscript is vulnerable to remote code execution RCE vulnerability. This is because the ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in...

Authorization Bypass

ghostscript is vulnerable to authorization bypass. An attacker is able to access privileged operators using a malicious PostScript file to gain access to the file system outside of the contraints imposed by the -dSAFER option. This vulnerability exists after applying the fix for CVE-2019-6116...

Denial Of Service

Artifex Ghostscript is vulnerable to denial of serviceDoS attacks. This is because the ghostscript does not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in...

Remote Code Execution (RCE)

Artifex Ghostscript is vulnerable to remote code execution RCE attacks. This is because the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in the...

Denial Of Service (DoS)

Artifex Ghostscript is vulnerable to denial of serviceDoS attacks. This is because the setpattern operator does not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or possibly execute arbitrary code in the context of the Ghostscript...

Arbitrary Code Execution

Artifex Ghostscript is vulnerable to arbitrary code execution. This is because artifex ghoscript allows an user-writable error exception table. An attacker could use this flaw to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

Denial Of Service (DoS)

Ghostscript is vulnerable to denial of serviceDoS attacks. This is because the ghostscript device cleanup does not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code...

Arbitrary Code Execution

Artifex Ghostscript is vulnerable to arbitrary code execution. This is because incorrect restoration of privilege checking when running out of stack during exception handling. An attacker could use this flaw to supply crafted PostScript to execute code using the pipe instruction...

Denial Of Service (DoS) Or Remote Code Execution (RCE)

Ghostscript is vulnerable to denial of service DoS attacks. This is because the ghostscript .shfill operator did not properly validate certain types. An attacker could supply crafted PostScript files to crash the interpreter or potentially execute arbitrary code in ghostscript context...

Denial Of Service (DoS)

Ghostscript is vulnerable to denial of service DoS attacks. This is because the .type operator does not properly validate its operands. A remote attacker could supply crafted PostScript to crash the interpreter impacting the availability...

Information Disclosure

Ghostscript is vulnerable to information disclosure vulnerability. This is because the ghostscript does not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could disclose the content of affected files via a specially crafted PostScript document...

Code Injection

pdfjs-dist is vulnerable to code injection vulnerability. This is because it does not sufficiently sanitize PostScript calculator functions which allows an attacker to inject malicious JavaScript through a crafted PDF file...

Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...