Slackware Linux 15.0 / current ghostscript Vulnerability (SSA:2024-067-01)

The version of ghostscript installed on the remote host is prior to 10.03.0 / 9.55.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-067-01 advisory. - Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the ...

BIT-MOODLE-2022-35649

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in...

openSUSE: Security Advisory for ghostscript (SUSE-SU-2023:3984-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for ghostscript (SUSE-SU-2023:3438-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for ghostscript (SUSE-SU-2023:4920-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 9 : ghostscript-9.54.0-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ghostscript-9.54.0-4.el9 build changelog. - A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe...

CentOS 9 : ghostscript-9.54.0-13.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ghostscript-9.54.0-13.el9 build changelog. - A buffer overflow flaw was found in base/gdevdevn.c:1973 in devnpcxwriterle in ghostscript. This issue may allow a local attacker to cause a...

CentOS 9 : ghostscript-9.54.0-7.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ghostscript-9.54.0-7.el9 build changelog. - Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampleddatafinish called from sampleddatacontinue and interp...

The vulnerability of the devices/vector/gdevtxtw.c component of the software for processing, transforming, and generating Ghostscript documents allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the devices/vector/gdevtxtw.c component of the software for processing, transforming, and generating Ghostscript documents is related to an incorrect definition of the size of the buffer space that is freed during operation. Exploiting this vulnerability could allow a malicio...

Amazon Linux 2 : ghostscript (ALAS-2024-2469)

The version of ghostscript installed on the remote host is prior to 9.25-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2469 advisory. Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite becaus...

Important: ghostscript

Issue Overview: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature. CVE-2020-36773 Affected Packages: ghostscri...

Important: ghostscript

Issue Overview: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature. CVE-2020-36773 Affected Packages: ghostscri...

Use After Free

Artifex Ghostscript is vulnerable to Use After Free. The vulnerability is due to a single-character code in a PDF document being able to map to more than one Unicode code point. This potentially leads to a Denial of ServiceDoS Attack...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1138)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2024-1138)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript...

PT-2024-40846 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow crash. Technical details include a crash type of Stack-buffer-overflow WRITE 4, with the crash state...

SUSE CVE-2020-36773

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...

CVE-2020-36773

An out-of-bounds write, and a use-after-free flaw was found in Ghostscript. The flaw is present in devices/vector/gdevtxtw.c, for txtwrite, due to a single character code in a PDF document that can map to more than one Unicode code point for example, a ligature. Mitigation Mitigation for this iss...

CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...