SUSE SLED15 / SLES15 Security Update : ghostscript (SUSE-SU-2019:0145-1)
This update for ghostscript version 9.26a fixes the following issues : Security issue fixed : CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators bsc1122319 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...
CVE-2019-6116
It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER...
USN-3866-1: Ghostscript vulnerability
Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of...
USN-3866-1 ghostscript vulnerability
Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of...
SUSE-SU-2019:0145-1 Security update for ghostscript
This update for ghostscript version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators bsc1122319...
SUSE-SU-2019:0144-1 Security update for ghostscript
This update for ghostscript to version 9.26a fixes the following issues: Security issue fixed: - CVE-2019-6116: subroutines within pseudo-operators must themselves be pseudo-operators bsc1122319...
CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution...
UBUNTU-CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution...
EulerOS Virtualization 2.5.1 : ghostscript (EulerOS-SA-2019-1016)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibl...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service. An uninitialized memory access in the aesdecode operator allows an attacker to crash the interpreter, or potentially execute arbitrary code, via a malicious PostScript...
Privilege Escalation
The Ghostscript suite is susceptible to privilege escalation. It does not properly validate the ghostscript /invalidaccess under certain conditions, which allows bypassing the -dSAFER protection and, for example, executing arbitrary shell commands through malicious...
Arbitrary Command Execution
ghostscript is vulnerable to arbitrary command execution. An incomplete fix for CVE-2018-16509 allows an attacker to exploit another variant of the vulnerability and bypass the -dSAFER protection to execute arbitrary commands via malicious PostScript documents...
Authorization Bypass
ghostscript is vulnerable to authorization bypass. An attacker is able to bypass .tempfile restrictions to write files onto the system using malicious PostScript files...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document...
Remote Code Execution (RCE)
ghostscript is vulnerable to remote code execution. It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process,...
Information Disclosure
ghostscript is vulnerable to information disclosure attacks. The vulnerability exists as the getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted PostScript file...
Denial Of Service (DoS)
Ghostscript is vulnerable to denial of service. An integer overflow, which results in a heap-based buffer overflow in the icmLut_allocate function in icclib, allows an attacker to crash the application or possibly execute arbitrary code via a malicious PostScript or PDF file with embedded images...
Information Disclosure
libjpeg-turbo is vulnerable to information disclosure attacks. The vulnerability exists because the get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplication...
EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-1004)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ghostscript: Incorrect free logic in pagedevice replacement 699664 CVE-2018-16541 - ghostscript: Incorrect 'restoration of privilege'...