35 matches found
[SECURITY] Fedora 28 Update: ghostscript-9.23-6.fc28
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...
Skia: Heap buffer overflow rasterizing paths in SVG
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...
Debian DLA-1126-1 : libxfont security update
It was discovered that there were two vulnerabilities in the library providing font selection and rasterisation, libxfont: - CVE-2017-13720: If a pattern contained a '?' character, any character in the string is skipped even if it was a '\0'. The rest of the matching then read invalid memory. -...
Iceni Argus PDF TextToPolys Rasterization Code Execution Vulnerability(CVE-2016-8389)
Summary An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. When rasterizing these shapes, the tool will perfor...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 60.0.3112.80 (Platform version: 9592.71.0) for most Chrome OS devices. This build contains a number of bug fixes, security updates and feature enhancements. Systems will be receiving updates over the next several days. Some highlights of these changes are:...
Iceni Argus PDF TextToPolys Rasterization Code Execution Vulnerability
Summary An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. When rasterizing these shapes, the tool will perfor...
DEBIAN-CVE-2012-5656
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity XXE injection attack...
CVE-2012-5656
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity XXE injection attack...
CVE-2012-5656
CVE-2012-5656 concerns Inkscape ≤ 0.48.3 (up to 0.48.4) where the rasterization of SVGs can be abused via an XML external entity (XXE) in a crafted SVG, allowing a local attacker to read arbitrary files. The issue stems from the rasterization path processing external entities. Public advisories c...
PT-2013-1827 · Inkscape +1
Name of the Vulnerable Software and Affected Versions: Inkscape versions prior to 0.48.4 Description: The issue concerns an XML external entity XXE injection attack in the rasterization process. This allows local users to read arbitrary files via an external entity in a SVG file. Recommendations:...
Fedora Core 6 : freetype-2.2.1-17.fc6 (2007-561)
This update fixes a bug in FreeType font rasterization engine that could cause a carefully crafted TrueType font to crash applications trying to use it. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempt...