SUSE CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CentOS 8 : ghostscript (CESA-2019:2591)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2591 advisory. - ghostscript: Safer mode bypass by .forceput exposure in .pdfhookDSCCreator 701445 CVE-2019-14811 - ghostscript: Safer mode bypass by .forceput exposu...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1289)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1364)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Mitigation Please refer to the "Mitigation"...

RHEL 8 : ghostscript (RHSA-2019:2591)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2591 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

RHEL 7 : ghostscript (RHSA-2019:2586)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2586 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)

A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)

A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0071)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this...

Access Restriction Bypass

The Ghostscript is vulnerable to access restriction bypass.Attacker can use malicious PostScript to trigger the attack since forceput in DefineResource is still accessible...

EulerOS Virtualization 3.0.1.0 : ghostscript (EulerOS-SA-2019-1465)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript fil...

EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1364)

According to the version of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

ghostscript: forceput in DefineResource is still accessible (700576)

It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-1289)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: superexec operator is available 700585 CVE-2019-3835 - ghostscript: forceput in DefineResource is still accessible 700576...

FreeBSD : Ghostscript -- Security bypass vulnerability (5ed7102e-6454-11e9-9a3a-001cc0382b2f)

Cedric Buissart Red Hat reports : It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by...

MGASA-2019-0130 Updated ghostscript packages fix security vulnerability

It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3835 It was found that the forceput operator...