2801 matches found
CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...
CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...
CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...
CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...
CVE-2018-16540
It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScrip...
CVE-2018-16541
It was discovered that the ghostscript device cleanup did not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted...
CVE-2018-16543
It was discovered that the ghostscript gssetresolution and gsgetresolution procedures were available, although they have dangerous side effects. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript...
CVE-2018-16510
It was discovered that ghostscript did not properly handle certain error conditions related to the SC and CS PDF operators. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a speciall...
CVE-2018-16542
It was discovered that ghostscript did not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...
CVE-2018-16509
It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. Mitigation ImageMagick relies on...
CVE-2018-16513
It was discovered that the ghostscript did not properly validate the operands passed to the setcolor function. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted...
Ghostscript Failed Restore Command Execution
This module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore grestore in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick. This module requires Metasploit:...
CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...
Ghostscript Failed Restore Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /dev/tty' include Msf::Exploit::FILEFORMAT include Msf::Exploit::CmdStager include Msf::Exploit::Powershell def initializeinfo =...
Artifex Ghostscript Denial of Service Vulnerability (CNVD-2020-54476)
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...
Artifex Ghostscript Denial of Service Vulnerability (CNVD-2020-54475)
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...
Artifex Ghostscript Information Disclosure Vulnerability (CNVD-2020-54498)
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...
Artifex Ghostscript Type Obfuscation Vulnerability (CNVD-2020-54497)
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...
UBUNTU-CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing e.g., after the startup phase. This leads to memory corruption, allowing remote attackers able to supply crafted...
Design/Logic Flaw
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact...