5485 matches found
The vulnerability of the interpreter for Ghostscript software, which handles the processing, conversion, and generation of documents, is related to errors in processing the relative path to the directory. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability of the interpreter used in software for processing, transforming, and generating Ghostscript documents is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafte...
The vulnerability in the `contrib/opvp/gdevopvp.c` file of the software interpreter for processing, transforming, and generating Ghostscript documents allows a hacker to execute arbitrary code.
The vulnerability of the contrib/opvp/gdevopvp.c component of the software interpreter for processing, transforming, and generating Ghostscript documents exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...
The vulnerability of the interpreter for Ghostscript software, which handles the processing, conversion, and generation of documents, relates to the execution of operations beyond the buffer boundaries in memory. This vulnerability allows an attacker to escape from the isolated software environment.
The vulnerability of the interpreter for software used to process, transform, and generate Ghostscript documents is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to escape from the isolated software environment...
CVE-2024-29511
A vulnerability was found in Ghostscript. When Tesseract is used for Optical Character Recognition OCR, a directory traversal issue allows arbitrary file reading and writing of error messages to arbitrary files via the OCRLanguage. This issue causes an arbitrary file read/write through the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:2292-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2292-1 advisory. - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945....
SUSE: Security Advisory (SUSE-SU-2024:2292-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-29509
A flaw was found in Ghostscript. The runpdf command allowed the new C-based PDF interpreter to be invoked from within PS. With this, it can pass various flags and arguments for example, see pdfimplsetparam normally passed via the command line when the PDF interpreter is invoked directly. Because...
CVE-2024-29508
A flaw was found in Ghostscript. Thepdfbasefontalloc function used by the pdfwrite device will use a hexadecimal pointer representation for the constructed BaseFont name if the input name is empty. This flaw allows an attacker to obtain this pointer value by reading back to the output file after...
CVE-2024-29507
A flaw was found in Ghostscript. Under specific conditions, the cidfsubstpath and cidfsubstfont parameters set by corresponding Postscript objects are used to load substitute fonts in pdfiopenCIDFontsubstitutefile. The values are copied via memcpy into the fontfname buffer without bounds checks...
CVE-2024-29506
A flaw was found in Ghostscript. The PDFDEBUG flag controls the value of ctx-args.debug. In pdfiapplyfilter. This issue enables the execution of a memcpy into a stack buffer, without bounds checks. A filter name larger than 100 will overflow the str buffer, which may lead to an application crash ...
CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
CVE-2024-33869 vulnerabilities
Vulnerabilities for packages: ghostscript...
DEBIAN-CVE-2024-29507
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters...
CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...
ALPINE-CVE-2024-33869
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...
CVE-2024-33870
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...
CVE-2024-29511
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading and writing of error messages to arbitrary files via OCRLanguage. For example, exploitation can use debugfile /tmp/out and userpatternsfile /etc/passwd...
DEBIAN-CVE-2024-29510
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...
CVE-2024-29511 vulnerabilities
Vulnerabilities for packages: ghostscript...