RHEL 7 : ghostscript (RHSA-2024:4549)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4549 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

RHEL 8 : ghostscript (RHSA-2024:4537)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4537 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Ghostscript vulnerabilities (USN-6897-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6897-1 advisory. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue t...

RHEL 9 : ghostscript (RHSA-2024:4541)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4541 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

RHEL 8 : ghostscript (RHSA-2024:4527)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4527 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

RHEL 9 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ghostscript: Mishandling of .completefont incomplete fix for CVE-2019-3839 CVE-2019-25059 Note that Nessus has not...

RHEL 8 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ghostscript: Mishandling of .completefont incomplete fix for CVE-2019-3839 CVE-2019-25059 - Ghostscript...

Important: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

ghostscript: OPVP device arbitrary code execution via custom Driver library

A flaw was found in Ghostscript. The "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. This flaw allows a malicious user to send a specially crafted document that, when processed by Ghostscript, could potentially lead to...

Artifex Software Ghostscript Directory Traversal Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

RHEL 8 : ghostscript (RHSA-2024:4462)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4462 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...

openSUSE Security Advisory (SUSE-SU-2024:2292-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

PoC exploit for CVE-2024-29510, a Ghostscript format string vuln...

[SECURITY] Fedora 39 Update: ghostscript-10.02.1-5.fc39

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

Fedora 39 : ghostscript (2024-c45c747f02)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c45c747f02 advisory. Security fixes for CVE-2024-33870, CVE-2024-29510 ---- Fix for issues in gating ---- Security fix for CVE-2024-33871 Tenable has extracted the...

SUSE CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...

SUSE CVE-2024-29507

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters...

SUSE CVE-2024-29508

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in the function pdfbasefontalloc...

SUSE CVE-2024-29509

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword e.g., for runpdf has a \000 byte in the middle...

SUSE CVE-2024-29511

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debugfile /tmp/out and userpatternsfile /etc/passwd...