CVE-2023-52722

CVE-2023-52722 affects Artifex Ghostscript prior to 10.03.1 where SAFER mode in psi/zmisc1.c can allow eexec seeds outside the Type 1 standard. Connected advisories confirm affected Ghostscript versions and provide remediation guidance: upgrade to Ghostscript 10.03.1 or newer (or applicable patch...

PT-2024-4560 · Unknown +10 · Ghostscript +10

Name of the Vulnerable Software and Affected Versions: Ghostscript versions prior to 10.03.1 Description: The issue exists due to insufficient input validation in the contrib/opvp/gdevopvp.c component of the Ghostscript interpreter. This can be exploited by a remote attacker using a specially...

OESA-2024-1462 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for...

PT-2024-40692 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-use-after-free READ 8 crash has been reported. The crash involves the functions ngx device forward finalize and ngx device finalize, and gs gc...

Exploit for Files or Directories Accessible to External Parties in Artifex Ghostscript

Ghostscript command injection vulnerability PoC CVE-2023-3666...

EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-1484)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1484)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1505)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : ghostscript (EulerOS-SA-2024-1505)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single...

ROS-20240405-09

A vulnerability in the gdevprnopenprinterseekable function of the gdevprnopenprinterseekable interpreter of the Ghostscript suite of software for Ghostscript document processing, conversion and generation software set interpreter is related to memory usage after its release. Exploitation of the...

PT-2024-4559 · Artifex +9 · Artifex Ghostscript +9

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.1 Description: The issue is related to errors in handling relative path to directory in the Ghostscript software, which can allow a remote attacker to execute arbitrary code using a specially crafte...

SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:0921-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0921-1 advisory. - Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2024:0920-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0920-1 advisory. - Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in...

SUSE-SU-2024:0921-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - Fixed segfaults in gsheapfreeobject — ref:00D1igLOd.500Tr4BRgx:ref bsc1219357. Previously fixed security issue: - CVE-2020-36773: Fixed out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite bsc1219554...

SUSE-SU-2024:0920-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - Fixed segfaults in gsheapfreeobject — ref:00D1igLOd.500Tr4BRgx:ref bsc1219357. Previously fixed security issue: - CVE-2020-36773: Fixed out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite bsc1219554...

PT-2024-40666 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several function calls, including gs font finalize, chunk free object, and...

pdfforge PDFCreator < 5.1.2 Permission Validation Vulnerability

PDFCreator 5.1.2 contains a vulnerable version of Ghostscript SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript on the Red Hat Enterprise Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript for the Red Hat Enterprise Linux operating system is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

Slackware: Security Advisory (SSA:2024-067-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] ghostscript

New ghostscript packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ghostscript-9.55.0-i586-2slack15.0.txz: Rebuilt. Fixes security issues: A vulnerability was identified in the way...