UBUNTU-CVE-2018-15909
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code...
Ghostscript command execution vulnerability alerts - a vulnerability alert - the black bar safety net
On August 21, Tavis Ormandy disclosed via the mailing list (hxxps://bugs.chromium.org/p/project-zero/issues/detail?id=1640) that the Ghostscript security sandbox can again be bypassed by constructing malicious image content, which can lead to command execution. Ghostscript is widely used, ImageMagic...
GhostScript Sandbox Bypass (Command Execution) Vulnerability
GhostScript is an interpreter for PostScript and Portable Document Format PDF files. GhostScript is vulnerable to a sandbox bypass command execution vulnerability that can be caused by constructing malicious image content...
Ghostscript - Multiple Vulnerabilities
Exploit for linux platform in category local exploits http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested t...
Ghostscript Flaws Allow Remote Takeover of Systems
UPDATE Researchers have uncovered vulnerabilities in the widely deployed Ghostscript package that allow bad actors to remotely take control of vulnerable systems. As of August 24, 2018, all reported problems have been fixed and will be part of the next Ghostscript release in late September, a...
Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking
Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript, an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on differen...
Ghostscript - Multiple Vulnerabilities
http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussion to oss-security. You might recall I...
Ghostscript - Multiple Vulnerabilities
Ghostscript - Multiple Vulnerabilities http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussi...
Ghostscript Vulnerability
NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Vulnerability Note VU332928, apply the necessary workarounds, and refer to vendors f...
Ghostscript -- arbitrary code execution
CERT reports: Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerabili...
Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities
Overview Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript...
openSUSE Security Update : ghostscript (openSUSE-2018-706)
This update for ghostscript fixes the following issues: - CVE-2018-10194: The set_text_distance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted...
Security update for ghostscript (moderate)
This update for ghostscript fixes the following issues: - CVE-2018-10194: The set_text_distance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted P...
SUSE-SU-2018:1884-1 Security update for ghostscript
This update for ghostscript fixes the following issues: - CVE-2018-10194: The set_text_distance function did not prevent overflows in text-positioning calculation, which allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted P...
Security Bulletin: A vulnerability in Ghostscript affects PowerKVM
Summary PowerKVM is affected by a vulnerability in Ghostscript. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-7207 DESCRIPTION: Artifex Software Ghostscript is vulnerable to a denial of service, caused by a NULL pointer dereference in the mem_get_bits_rectangle...
Security Bulletin: A vulnerability in ghostscript affects PowerKVM
Summary PowerKVM is affected by a vulnerability in ghostscript. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-8291 DESCRIPTION: Artifex Ghostscript could allow a remote attacker to execute arbitrary commands on the system. By using .rsdparams type confusion with ...
Security Bulletin: Vulnerabilities in Ghostscript affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in ghostscript. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2013-5653 DESCRIPTION: Ghostscript could allow a remote attacker to obtain sensitive information, caused by the failure to honor the -dSAFER option by the...
Basecamp: Remote code execution on Basecamp.com
A critical flaw in Basecamp's profile image upload function leads to remote command execution. Images are converted on the server side, but not only image files but also PostScript/EPS files are accepted if renamed to .gif. This is probably due to ImageMagick / GraphicsMagick being used for image...
CVE-2018-11645
Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted PostScript document could use this flaw to gain information on the targeted system's filesystem content...