[ASA-201811-3] ghostscript: sandbox escape

Arch Linux Security Advisory ASA-201811-3 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-786 Summary ======= The...

USN-3803-1: Ghostscript vulnerabilities

Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...

SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:3330-1)

This update for ghostscript-library fixes the following issues : CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. bsc1107426 CVE-2018-16540: Attackers able to supply...

SUSE-SU-2018:3330-1 Security update for ghostscript-library

This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. bsc1107426 - CVE-2018-16540: Attackers able to supp...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-2)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 CVE-2018-15909: Prevent type confusio...

openSUSE Security Update : ImageMagick (openSUSE-2018-1181)

This update for ImageMagick fixes the following security issues : - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage function in coders/mpc.c via a crafted file allowing for DoS bsc1050129 - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc110828...

Security update for ImageMagick (moderate)

This update for ImageMagick fixes the following security issues: - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage function in coders/mpc.c via a crafted file allowing for DoS bsc1050129 - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc1108283...

ghostscript: LockDistillerParams type confusion (699656)

It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document...

ghostscript: /invalidaccess bypass after failed restore (699654)

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document...

ghostscript: .definemodifiedfont memory corruption if /typecheck is handled (699668)

It was discovered that ghostscript did not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

Artifex Ghostscript Security Bypass Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security bypass...

CentOS 7 : ghostscript (CESA-2018:2918)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2018:3095-1)

This update for ImageMagick fixes the following security issues : CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage function in coders/mpc.c via a crafted file allowing for DoS bsc1050129 CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc1108283...

Amazon Linux 2 : ghostscript (ALAS-2018-1088)

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...

ghostscript - executeonly Bypass with errorhandler Setup Exploit

Exploit for linux platform in category local exploits While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc...

ghostscript - executeonly Bypass with errorhandler Setup

While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc. Additionally, because nautilus will automatically invoke...

ghostscript - executeonly Bypass with errorhandler Setup

ghostscript - executeonly Bypass with errorhandler Setup While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc...

openSUSE Security Update : ghostscript (openSUSE-2018-1122)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...

openSUSE Security Update : ghostscript (openSUSE-2018-1123)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...

Security update for ghostscript (important)

This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...