2801 matches found
CVE-2018-16539
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable...
CVE-2018-16509
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...
FreeBSD : Ghostscript -- arbitrary code execution (30c0f878-b03e-11e8-be8a-0011d823eebd)
CERT reports : Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This...
UBUNTU-CVE-2018-16541
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter...
UBUNTU-CVE-2018-16509
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...
UBUNTU-CVE-2018-16542
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter...
UBUNTU-CVE-2018-16513
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact...
UBUNTU-CVE-2018-16511
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact...
UBUNTU-CVE-2018-16540
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact...
[SECURITY] Fedora 28 Update: ghostscript-9.23-6.fc28
This package provides useful conversion utilities based on Ghostscript soft ware, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Syste ms' PostScript PS and Portable Document Format PDF page description...
Semrush: Remote Code Execution on www.semrush.com/my_reports on Logo upload
The Logo upload in the report constructor at: https://www.semrush.com/myreports/constructor F340480 is passed through a not properly patched version of ImageMagick. You can use Postscript to get Ghostscript to run which in return allows to trigger arbitrary commands on the server, leading to Remo...
ALPINE-CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...
CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...
DEBIAN-CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...
CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...
CVE-2018-15911
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code...
CVE-2018-15910
It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document...
Artifex Ghostscript Type Obfuscation Vulnerability
Ghostscript is based on Adobe Systems PostScript and Portable Document Format PDF page description language interpreter set of software. A type confusion vulnerability exists in the 'LockDistillerParams' parameter in Artifex Ghostscript version 9.23 prior to 2018-08-23, which can be exploited by ...
Artifex Ghostscript Restriction Bypass Vulnerability
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A restriction bypa...
Artifex Ghostscript Type Obfuscation Vulnerability (CNVD-2019-06229)
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A type obfuscation...