[SECURITY] Fedora 42 Update: evince-48.1-2.fc42

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 43 Update: evince-48.1-2.fc43

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 44 Update: evince-48.1-5.fc44

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

Astra Linux - уязвимость в pillow

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

GHSA-496F-X7CQ-CQ39 Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file

Impact An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image...

Linux Distros Unpatched Vulnerability : CVE-2021-28677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as...

CVE-2022-41194

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript .eps, ai.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until...

Ghostscript Command Execution via Format String

This module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2...

CVE-2023-44464

pretix before 2023.7.2 allows Pillow to parse EPS files...

rami.io pretix security breach

rami.io pretix is a ticket store application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, bars, etc. from the German company rami.io. A security vulnerability exists in rami.io pretix versions prior to 2023.7.2 that stems from allowing Pillow to parse EPS file...

PT-2023-29246 · Pillow +1 · Pillow +1

Name of the Vulnerable Software and Affected Versions: pretix versions prior to 2023.7.2 Description: The issue allows Pillow to parse EPS files. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this...

SUSE CVE-2012-6076

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts...

CVE-2022-41194

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript .eps, ai.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until...

CVE-2022-41193

Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script .eps, ai.x3d file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based...

python-pillow: Excessive CPU use in EPS image reader

A flaw was found in python-pillow. The readline used in EPS has to deal with any combination of \r and \n as line endings. It accidentally used a quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a denial-of-service of Pillow in...

DEBIAN-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

RLSA-2021:1881 Moderate: poppler and evince security, bug fix, and enhancement update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device...

UBUNTU-CVE-2021-28677

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

CVE-2020-17422

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...