2801 matches found
Cross-site Scripting (XSS)
Overview: pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through...
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu 16.04.4 Affected version: 0.99 Summary: GNU Barcode is a...
Mozilla: Malicious PDF can inject JavaScript into PDF Viewer
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
Mozilla Firefox JavaScript Injection Vulnerability
Mozilla Firefox is a free, open source browser for Windows, Linux and Mac OS X platforms. A JavaScript injection vulnerability exists in Mozilla Firefox. The vulnerability arises because the PDF viewer fails to adequately validate PostScript calculator functions. T...
CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
Security vulnerabilities fixed in Firefox 60 — Mozilla
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially...
abcm2ps buffer overflow vulnerability (CNVD-2018-09186)
abcm2ps is a command line program that converts music tunes from ABC notation to PostScript or SVG format. A stack buffer overflow vulnerability exists in the 'delayedoutput' function of the music.c file in abcm2ps. A remote attacker could exploit this vulnerability to cause a denial of service...
USN-3636-1: Ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of...
USN-3636-1 ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of...
[SECURITY] Fedora 27 Update: ghostscript-9.22-4.fc27
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many...
[SECURITY] Fedora 26 Update: ghostscript-9.20-11.fc26
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many...
[SECURITY] Fedora 28 Update: ghostscript-9.23-2.fc28
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...
Artifex Ghostscript PostScript Handling Buffer Overflow DoS
The version of Artifex Ghostscript installed on the remote Windows host is 9.22 or earlier. It is, therefore, affected by a denial of service vulnerability due to improperly handling PostScript data. A context-dependent attacker could cause a buffer overflow, potentially crashing the service. C...
CVE-2016-9601
CVE-2016-9601 : Ghostscript before version 9.21 is vulnerable to a heap-based buffer overflow in the jbig2_decode_gray_scale_image function used for JBIG2 halftone decoding, potentially causing a segmentation fault when parsing a crafted PostScript/PDF with an embedded JBIG2 image, per multiple c...
Exempi Denial of Service Vulnerability (CNVD-2018-06686)
Exempi is an open source implementation of XMP based on the Adobe XMP SDK. A security vulnerability exists in the 'PostScriptSupport::ConvertToDate' function in the XMPFiles/source/FormatSupport/PostScriptSupport.cpp file in versions of Exempi prior to 2.4.3. ' function has a security...
DEBIAN-CVE-2017-18237
An issue was discovered in Exempi before 2.4.3. The PostScriptSupport::ConvertToDate function in XMPFiles/source/FormatSupport/PostScriptSupport.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file...
CVE-2017-18237
An issue was discovered in Exempi before 2.4.3. The PostScriptSupport::ConvertToDate function in XMPFiles/source/FormatSupport/PostScriptSupport.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file...
CVE-2018-7729
An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in XMPFiles/source/FileHandlers/PostScriptHandler.cpp...