Lucene search
K

29 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.5 views

MiracleLinux 4 : ghostscript-8.70-23.AXS4.2 (AXSA:2017-1651:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-1651:03 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics...

7.8CVSS7.4AI score0.96968EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : ghostscript-8.70-24.AXS4.2 (AXSA:2018-3430:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3430:01 advisory. It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER...

9.3CVSS8.1AI score0.92499EPSS
Exploits4References2
OSV
OSV
added 2024/09/20 11:9 a.m.4 views

OESA-2024-2162 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in...

6.3CVSS7.3AI score0.27992EPSS
Exploits6References3
RedHat Linux
RedHat Linux
added 2024/09/09 1:35 a.m.8 views

ghostscript: format string injection leads to shell command execution (SAFER bypass)

A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands and upYMoveCommand, are treated as format strings for gpfprintf and gssnprintf. This lack of restriction permit...

6.3CVSS6AI score0.27992EPSS
Exploits6References4
RedHat Linux
RedHat Linux
added 2024/09/09 1:35 a.m.32 views

Moderate: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

6.3CVSS7.1AI score0.27992EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2024/09/04 12:0 a.m.28 views

AlmaLinux 9 : ghostscript (ALSA-2024:6197)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due to...

6.3CVSS7.3AI score0.27992EPSS
Exploits6References4
OSV
OSV
added 2024/09/03 12:0 a.m.31 views

ALSA-2024:6197 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...

6.3CVSS7AI score0.27992EPSS
Exploits6References8
Metasploit
Metasploit
added 2024/07/19 7:52 p.m.251 views

Ghostscript Command Execution via Format String

This module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2...

6.3CVSS6.7AI score0.27992EPSS
Exploits6
OSV
OSV
added 2024/07/03 7:15 p.m.2 views

DEBIAN-CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...

6.3CVSS6.8AI score0.27992EPSS
Exploits6References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.7 views

SUSE CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...

7.8CVSS9.2AI score0.96968EPSS
Exploits7References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.5 views

SUSE CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...

7.3CVSS7AI score0.03434EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.5 views

The vulnerability of the .charkeys procedure in the PostScript/PDF Ghostscript interpreter allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the .charkeys procedure in the PostScript/PDF Ghostscript interpreter is related to a security protection flaw that allows scripts to bypass the "-dSAFER" restriction. Exploiting this vulnerability can enable an attacker operating remotely to gain access to confidential data,...

9.3CVSS7.2AI score0.03434EPSS
Exploits0References16Affected Software7
OSV
OSV
added 2019/11/27 1:15 p.m.3 views

DEBIAN-CVE-2019-10216

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of...

7.8CVSS7.6AI score0.02295EPSS
Exploits0References1
OSV
OSV
added 2019/11/14 1:0 p.m.5 views

UBUNTU-CVE-2019-14869

A flaw was found in all versions of ghostscript 9.x before 9.50, where the .charkeys procedure, where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could...

8.8CVSS7.1AI score0.03434EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/09/19 12:0 a.m.5 views

The vulnerability of the .pdfexecoken process of the Ghostscript file conversion program allows a perpetrator to execute arbitrary commands or gain access to the file system.

The vulnerability of the .pdfexecoken procedure in the Ghostscript file conversion program is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely or gain access to the file system bypassing the restrictions impos...

10CVSS5.8AI score0.02025EPSS
Exploits1References12Affected Software5
BDU FSTEC
BDU FSTEC
added 2019/09/19 12:0 a.m.4 views

The vulnerability of the .setuserparams2 procedure of the Ghostscript file conversion program allows a attacker to execute arbitrary commands or gain access to the file system.

The vulnerability of the .setuserparams2 procedure in the Ghostscript file conversion program is related to the improper use of privileged APIs. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands or gain access to the file system by circumventing t...

7.5CVSS5.8AI score0.02473EPSS
Exploits0References10Affected Software5
OSV
OSV
added 2019/09/03 4:15 p.m.4 views

ALPINE-CVE-2019-14811

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...

7.8CVSS7AI score0.03763EPSS
Exploits1References1
OSV
OSV
added 2019/09/03 4:15 p.m.3 views

DEBIAN-CVE-2019-14811

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...

7.8CVSS7.5AI score0.03763EPSS
Exploits1References1
OSV
OSV
added 2019/08/28 12:0 a.m.3 views

UBUNTU-CVE-2019-14812

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...

7.8CVSS7.2AI score0.02473EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2019/08/12 7:36 p.m.7 views

ghostscript: -dSAFER escape via .buildfont1 (701394)

It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas...

7.8CVSS5.7AI score0.02295EPSS
Exploits0References4
Rows per page
Query Builder