[SECURITY] [DSA 4294-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4294-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...

DSA-4294-1 ghostscript - security update

Bulletin has no description...

Debian: Security Advisory (DSA-4294-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the interpreter for software used for processing, transforming, and generating Ghostscript documents allows a perpetrator to execute arbitrary code.

The vulnerability of the interpreter used in software for processing, transforming, and generating Ghostscript documents is related to errors in the data type conversion of the LockDistillerParams parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

Debian DLA-1504-1 : ghostscript security update

Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed despite the dSAFER sandbox being enabled. For...

Slackware 14.2 / current : ghostscript (SSA:2018-256-01)

New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-256-01. The text itself is copyright C Slackware Linux, Inc...

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript relates to the execution of operations beyond the buffer boundaries in memory. This allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents lies in the escape operation that occurs outside the buffer during data type transformation using the .shfill operator. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript arises from the use of uninitialized memory, allowing an attacker to execute arbitrary code.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents arises from the use of uninitialized memory when manipulating the aesdecode operator in PostScript files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a...

[slackware-security] ghostscript

New ghostscript packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/ghostscript-9.25-i586-1slack14.2.txz: Upgraded. This release fixes problems with argument handling, some unintended results of th...

[SECURITY] [DLA 1504-1] ghostscript security update

Package : ghostscript Version : 9.06dfsg-2+deb8u8 CVE ID : CVE-2018-11645 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16585 CVE-2018-16802 Debian Bug : 907332 908305...

CVE-2018-16511

It was discovered that the ghostscript .type operator did not properly validate its operands. A specially crafted PostScript document could exploit this to crash ghostscript or, possibly, execute arbitrary code in the context of the ghostscript process. Mitigation Please see...

DLA-1504-1 ghostscript - security update

Bulletin has no description...

Artifex Ghostscript Multiple Vulnerabilities

The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.24. It is, therefore, affected by multiple vulnerabilities due to improperly handling PostScript data. A context-dependent attacker could cause a buffer overflow, potentially crashing the service. C Tenable...

Unspecified Vulnerability in Artifex Ghostscript (CNVD-2020-54492)

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

Fedora Update for ghostscript FEDORA-2018-56221eb24b

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-1504-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 28 Update: ghostscript-9.24-1.fc28

This package provides useful conversion utilities based on Ghostscript soft ware, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Syste ms' PostScript PS and Portable Document Format PDF page description...

Artifex Ghostscript Code Execution Vulnerability (CNVD-2020-54493)

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

Design/Logic Flaw

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...

CVE-2018-16802

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix...