ALSA-2024:3999 Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...

SUSE-SU-2024:2076-1 Security update for gdk-pixbuf

This update for gdk-pixbuf fixes the following issues: gdk-pixbuf was updated to version 2.42.12: - Security issues fixed: CVE-2022-48622: Fixed vulnerability where a crafted .ani file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack to a...

USN-6835-1: Ghostscript vulnerabilities

It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this issue to bypass SAFER restrictions and cause unspecified impact. CVE-2023-52722 This issue only affected Ubuntu 20.04...

ghostscript security update

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Ghostscript suite contains utilities for rendering PostScript and PDF...

RLSA-2024:2966 Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: Divide by zero in epsprintpage in gdevepsn.c CVE-2020-21710 For more...

RHEL 4 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - foomatic: foomatic-rip debug mode insecure temporary file use in renderer command line by processing...

RHEL 6 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - foomatic: foomatic-rip debug mode insecure temporary file use in renderer command line by processing...

RHEL 6 : freetype (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - freetype: Use of uninitialized memory CVE-2014-9746 - FreeType before 2.4.11 allows context-dependent...

RHEL 9 : cups (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cups: insecure permissions of /var/log/cups allows for symlink attacks CVE-2021-25317 - cups, libppd:...

RHEL 5 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - foomatic: foomatic-rip debug mode insecure temporary file use in renderer command line by processing...

SUSE CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

Updated ghostscript packages fix security vulnerabilities

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed...

Low: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: Divide by zero in epsprintpage in gdevepsn.c CVE-2020-21710 For more...

ALSA-2024:2966 Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: Divide by zero in epsprintpage in gdevepsn.c CVE-2020-21710 For more...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1649)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VulnCheck KEV: CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

PT-2024-6395 · Artifex +9 · Artifex Ghostscript +9

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.1 Description: The issue is related to path reduction in the base/gpmisc.c file of Ghostscript, allowing for path traversal and command execution via a crafted PostScript document. This can lead to...

UBUNTU-CVE-2024-33869

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...

UBUNTU-CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...