SUSE-SU-2024:2627-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2024-29508: Fixed heap pointer leak in pdfbasefontalloc bsc1227380...

ROS-20240730-04

A vulnerability in the document processing, conversion and generation software suite Ghostscript is related to the introduction of a specially crafted pipe command. Exploitation of the vulnerability could Allow an attacker acting remotely to execute arbitrary code...

Metasploit Weekly Wrap-Up 07/26/2024

New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...

[SECURITY] Fedora 39 Update: ghostscript-10.02.1-7.fc39

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

Fedora 39 : ghostscript (2024-52192927d8)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52192927d8 advisory. Security fix for CVE-2024-33869 ---- Security fixes for CVE-2024-29509, CVE-2024-29508, CVE-2024-29507, CVE-2024-29506 Tenable has extracted the...

The vulnerability of the Ghostscript software for document processing, conversion, and generation, related to the operation of writing data beyond the buffer boundaries in memory, allows an attacker to gain unauthorized access to protected information.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

The vulnerability affects the file function /tmp/out of the Tesseract component of the software suite for processing, transforming, and generating Ghostscript documents. This vulnerability allows an attacker to gain unauthorized access to protected information.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...

[SECURITY] Fedora 40 Update: ghostscript-10.02.1-12.fc40

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

Amazon Linux 2 : ghostscript (ALAS-2024-2597)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2597 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi-...

Fedora 40 : ghostscript (2024-053b8330a1)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-053b8330a1 advisory. Security fix for CVE-2024-33869 ---- Security fixes for CVE-2024-29509, CVE-2024-29508, CVE-2024-29507, CVE-2024-29506 Tenable has extracted the...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2547-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2547-1 advisory. - CVE-2024-29508: Fixed heap pointer leak in pdfbasefontalloc bsc1227380 Tenable has extracted the preceding description block directly from...

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to buffer overflow attacks, which allow attackers to cause system failures.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to buffer overflows during the processing of the PDFPassword parameter. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

Ghostscript Command Execution / Format String Exploit

This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 an...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2024-664)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-664 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi- bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1NOTE:...

Ghostscript Command Execution / Format String

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ghostscript Command Execution via Format String', 'Description' = %q This module exploits a format string vulnerability in Ghostscript versions...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=3b1735085ecef20b29e8db3416ab36de93e86d1f ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707662 ADVISORIES: 'DSA-5692-1'...

The vulnerability of the pdfi_apply_filter() function in the software for processing, transforming, and generating Ghostscript documents allows a attacker to execute arbitrary code, cause service failures, or gain full control over the application.

The vulnerability of the pdfiapplyfilter function in the software for processing, transforming, and generating Ghostscript documents is related to buffer overflow during the filtering process. Exploiting this vulnerability could allow an attacker to execute arbitrary code, cause service failures,...