DEBIAN-CVE-2019-14812

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...

The vulnerability of the fill_threshhold_buffer function (base/gxht_thresh.c) in the software for processing, transforming, and generating Ghostscript documents allows a perpetrator to execute arbitrary code or cause service interruptions.

The vulnerability of the fillthreshholdbuffer function in the software suite for processing, transforming, and generating Ghostscript documents is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute...

PT-2019-6414 · Artifex +7 · Ghostscript +7

Name of the Vulnerable Software and Affected Versions: Ghostscript affected versions not specified Description: The issue is related to a heap-based buffer overwrite vulnerability in the lp8000 print page function of the gdevlp8k.c component. This flaw can be exploited by an attacker who tricks a...

The vulnerability of the .pdfexecoken process of the Ghostscript file conversion program allows a perpetrator to execute arbitrary commands or gain access to the file system.

The vulnerability of the .pdfexecoken procedure in the Ghostscript file conversion program is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely or gain access to the file system bypassing the restrictions impos...

ALPINE-CVE-2019-14811

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...

UBUNTU-CVE-2019-14811

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...

NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0145)

The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection...

Artifex Software Ghostscript Information Disclosure Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

The vulnerability of the zfile.c library of the PostScript/PDF Ghostscript interpreter, related to information disclosure, allows attackers to determine the presence and size of arbitrary files.

The vulnerability of the zfile.c library of the PostScript/PDF Ghostscript interpreter is related to the state command, even when the dSAFER sandbox is used. Exploiting this vulnerability allows a remote attacker to determine the presence and size of arbitrary files...

DEBIAN-CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

Artifex Software Ghostscript Access Control Error Vulnerability (CNVD-2019-12758)

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

The vulnerability of the Ghostscript software for document processing, conversion, and generation arises from operations that go beyond buffer boundaries in memory, allowing attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibilit...

The vulnerability in the code of “psi/zdevice2.c” of the software for processing, transforming, and generating Ghostscript documents is related to the lack of checking available memory on the stack. This allows an attacker to bypass the established access controls.

The vulnerability in the code of “psi/zdevice2.c” of the software for processing, transforming, and generating Ghostscript documents is related to the lack of checking available memory on the stack when the output device remains unchanged. Exploiting this vulnerability can allow an attacker to...

The vulnerability of the software for processing, transforming, and generating Ghostscript documents, related to errors in the code, allows a perpetrator to execute arbitrary code or cause service failures.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or trigger a service failure using a specially crafted PostScript file...

MGASA-2019-0056 Updated ghostscript packages fix a security vulnerability

Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. CVE-2019-6116...

USN-3866-1 ghostscript vulnerability

Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of...

UBUNTU-CVE-2019-6116

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution...

UBUNTU-CVE-2018-19478

In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file...

CVE-2018-19134

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue...

ghostscript: incomplete fix for CVE-2018-16509

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document...