FontForge buffer overflow vulnerability (CNVD-2017-18538)

FontForge is an open source font editing tool that supports multiple languages. A buffer overflow vulnerability exists in ValidatePostScriptFontName in FontForge version 20161012. An attacker can exploit this vulnerability with a specially crafted otf file to cause a denial of service or execute...

ImageMagick Denial of Service Vulnerability (CNVD-2017-18116)

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A denial of service vulnerability exists in the 'WritePSImage' function in the coders/ps.c file in ImageMagick version...

UBUNTU-CVE-2017-11573

FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName parsettf.c resulting in DoS or code execution via a crafted otf file...

DEBIAN-CVE-2017-11535

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage function in coders/ps.c...

[SECURITY] Fedora 25 Update: evince-3.22.1-5.fc25

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 26 Update: evince-3.24.0-3.fc26

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2017-1101)

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a...

EulerOS 2.0 SP1 : ghostscript (EulerOS-SA-2017-1100)

According to the version of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a...

Amazon Linux AMI : ghostscript (ALAS-2017-837)

It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. CVE-2017-8291 C...

Artifex Software Ghostscript Heap Buffer Overflow Vulnerability

Artifex Software Ghostscript is an open source PostScript parser from Artifex Software, which displays Postscript files and prints them on non-Postscript printers. A security vulnerability exists in the 'fillthreshholdbuffer' function in the base/gxhtthresh.c file in Artifex Software Ghostscript...

DEBIAN-CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document...

CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document...

Authentication flaw

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document...

CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document...

CVE-2016-7977

Ghostscript before 9.21 could bypass SAFER mode using the .libfile operator in crafted PostScript, allowing reading arbitrary files. This CVE (CVE-2016-7977) affects Ghostscript up to version 9.20/9.21; remediation is to upgrade to Ghostscript 9.21 or newer where fixed. Related entries note simil...

CVE-2016-7977

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document...

CVE-2017-8908

The marklinetr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service out-of-bounds read via a crafted PostScript document...

Artifex Ghostscript Denial of Service Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

CentOS 6 / 7 : ghostscript (CESA-2017:1230)

An update for ghostscript is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CentOS Update for ghostscript CESA-2017:1230 centos7

Check the version of ghostscript SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882715";...