SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:1590-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1590-1 advisory. - An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used,...

RHEL 9 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ghostscript: Mishandling of .completefont incomplete fix for CVE-2019-3839 CVE-2019-25059 Note that Nessus has not...

RHEL 5 : jbig2dec (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jbig2dec: Integer overflow in jbig2decodesymboldict CVE-2017-7885 - libjbig2dec.a in Artifex jbig2dec 0.1...

RHEL 7 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ghostscript: Heap-buffer over-read in the gsallocrefarray function CVE-2017-9835 - ghostscript: buffer...

RHEL 5 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ghostscript: /invalidaccess bypass after failed restore 699654 CVE-2018-16509 - ghostscript: Safer mode...

RHEL 7 : jbig2dec (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jbig2dec: Integer overflow in jbig2buildhuffmantable allows OOB write CVE-2017-7975 - Artifex jbig2dec 0....

RHEL 6 : ghostscript (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ghostscript: Safer mode bypass by .forceput exposure in setsystemparams 701443 CVE-2019-14813 -...

SUSE-SU-2024:1590-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2023-52722: Do not allow eexec seeds other than the Type 1 standard while using SAFER mode bsc1223852...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1565)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2024:1568-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:1568-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1568-1 advisory. - An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the...

VulnCheck KEV: CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1587)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:1568-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2023-52722: Do not allow eexec seeds other than the Type 1 standard while using SAFER mode bsc1223852...

UBUNTU-CVE-2024-33869

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...

PT-2024-4558

Name of the Vulnerable Software and Affected Versions Artifex Ghostscript versions prior to 10.03.1 Description The vulnerability in Artifex Ghostscript is related to a format string injection in the uniprint device, which can lead to memory corruption and allow an attacker to bypass the -dSAFER...

PT-2024-6395 · Artifex +9 · Artifex Ghostscript +9

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.1 Description: The issue is related to path reduction in the base/gpmisc.c file of Ghostscript, allowing for path traversal and command execution via a crafted PostScript document. This can lead to...

EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2024-1587)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single...

UBUNTU-CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

UBUNTU-CVE-2024-29510

Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device...