CVE-2024-29506

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfiapplyfilter function via a long PDF filter name...

CVE-2024-29508

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in the function pdfbasefontalloc...

Artifex Ghostscript Formatting String Error Vulnerability

Artifex Ghostscript is a free software package from Artifex, Inc. based on Adobe, PostScript, and the Portable Document Format page description language. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.1 that exploits a memory corruption and SAFER sandbox bypass that...

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a set of free software compiled by Artifex, Inc. based on Adobe, PostScript and Portable Document Format page description languages. A security vulnerability exists in Artifex Ghostscript prior to version 10.03.0, which results from a heap-based pointer disclosure in the...

CVE-2024-33870

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...

CVE-2024-29509

CVE-2024-29509 affects Artifex Ghostscript before 10.03.0, where a heap-based overflow occurs when PDFPassword (e.g., for runpdf) contains a embedded NUL byte in the middle. This can lead to corruption or potential code execution as described in public disclosures. The vulnerability is attributed...

[SECURITY] Fedora 40 Update: ghostscript-10.02.1-10.fc40

This package provides useful conversion utilities based on Ghostscript softwa re, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript PS and Portable Document Format PDF page description...

SUSE-SU-2024:2276-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path bsc1226945. - CVE-2024-33870: Fixed a format string injection that could lead to command execution bsc1226944. - CVE-2024-33869: Fixed a path validation...

RLSA-2024:3999 Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...

ghostscript security update

An update is available for ghostscript. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Ghostscript suite contains utilities for rendering PostScript and PDF...

ghostscript security update

An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Ghostscript suite contains utilities for rendering PostScript and PDF...

RLSA-2024:4000 Important: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...

Rocky Linux 9 : ghostscript (RLSA-2024:3999)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3999 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library CVE-2024-33871 Tenable has extracted the preceding description block directly from th...

Rocky Linux 8 : ghostscript (RLSA-2024:4000)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4000 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library CVE-2024-33871 Tenable has extracted the preceding description block directly from th...

Fedora 40 : ghostscript (2024-f433c5c4da)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f433c5c4da advisory. Security fixes for CVE-2024-33870, CVE-2024-29510 Tenable has extracted the preceding description block directly from the Fedora security advisory...

openSUSE Security Advisory (SUSE-SU-2024:2198-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Astra Linux - уязвимость в ghostscript

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...

Astra Linux - уязвимость в ghostscript

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...

SUSE: Security Advisory (SUSE-SU-2024:2199-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2199-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2199-1 advisory. - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. bsc1225491 Tenable has extracted the preceding...