ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
A flaw was found in Ghostscript. When the gp_validate_path_len function validates a path, it distinguishes between absolute and relative paths. In the case of relative paths, it will check the path with and without the current-directory-prefix "foo" and "./foo". This does not take into account paths...
ghostscript: format string injection leads to shell command execution (SAFER bypass)
A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands and upYMoveCommand, are treated as format strings for gp_fprintf and gs_snprintf. This lack of restriction permit...
ghostscript security update
9.54.0-17 - RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths - RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction - RHEL-44731 CVE-2024-29510 ghostscript: format string...
Oracle Linux 9 : ghostscript (ELSA-2024-6197)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6197 advisory. - RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths - RHEL-44745 CVE-2024-338...
Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution (SAFER bypass)...
ALSA-2024:6197 Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution (SAFER bypass)...
PT-2024-7789 · Artifex +7 · Artifex Ghostscript +7
Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.04.0 Description: A buffer overflow issue exists in the pdf/pdf_xref.c file of Artifex Ghostscript, related to the handling of a PDF XRef stream and W array values. This issue can be exploited by a...
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX...
CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...
Debian: Security Advisory (DSA-5760-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DSA 5760-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5760-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 29, 2024 https://www.debian.org/security/faq -...
Debian dsa-5760 : ghostscript - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5760 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5760-1 [email protected] https://www.debian.org/securit...
DSA-5760-1 ghostscript - security update
Bulletin has no description...
ROS-20240826-06
A vulnerability in the pdf_base_font_alloc function of the Ghostscript document processing, conversion, and generation software suite is related to a buffer overflow resulting from an incorrect buffer overflow. Ghostscript document generation software suite is related to a buffer overflow caused by...
Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-2267)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
PT-2024-40566 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves functions such as chunk_free_object and stream_dct_finalize. No informatio...
PT-2024-40565 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state includes functions such as chunk_free_object, sfclose, and pdfi_close_file. No...
PT-2024-40563 · Git +1 · Ghostscript
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash occurred due to an unknown read issue. The crash state involves functions such as chunk_free_object, file_close_file, and sclose. Recommendations: At the moment, there is no...
Amazon Linux 2 : ghostscript (ALAS-2024-2614)
The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2614 advisory. Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in t...
Amazon Linux 2 : ghostscript (ALAS-2024-2612)
The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2612 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-...