2801 matches found
Ghostscript Command Execution via Format String
This module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2...
Important: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
USN-6897-1: Ghostscript vulnerabilities
It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-29506 It was discovered that...
Important: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
RHEL 8 : ghostscript (RHSA-2024:4527)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4527 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...
RHEL 7 : ghostscript (RHSA-2024:4549)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4549 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...
RHEL 9 : ghostscript (RHSA-2024:4541)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4541 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...
CLSA-2024-1720178510 cups: Fix of CVE-2023-4504
CVE-2023-4504: scanps: check for null terminator after backslash character...
The vulnerability in the `contrib/opvp/gdevopvp.c` file of the software interpreter for processing, transforming, and generating Ghostscript documents allows a hacker to execute arbitrary code.
The vulnerability of the contrib/opvp/gdevopvp.c component of the software interpreter for processing, transforming, and generating Ghostscript documents exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...
The vulnerability of the interpreter for Ghostscript software, which handles the processing, conversion, and generation of documents, is related to errors in processing the relative path to the directory. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability of the interpreter used in software for processing, transforming, and generating Ghostscript documents is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafte...
CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
DEBIAN-CVE-2024-33870
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...
ALPINE-CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...
ALPINE-CVE-2024-33870
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...
DEBIAN-CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...
DEBIAN-CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...
ALPINE-CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...
CVE-2024-33870
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...