5485 matches found
ghostscript: getenv and filenameforall ignore -dSAFER
It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, fro...
CVE-2016-9601
A heap based buffer overflow was found in the ghostscript jbig2decodegrayscaleimage function used to decode halftone segments in a JBIG2 image. A document PostScript or PDF with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript...
ghostscript security update
8.70-211 - Added security fixes for: - CVE-2013-5653 bug 1380327 - CVE-2016-7977 bug 1380415 - CVE-2016-7979 bug 1382305 - CVE-2016-8602 bug 1383940...
ghostscript security update
9.07-201 - Added security fixes for: - CVE-2013-5653 bug 1380327 - CVE-2016-7977 bug 1380415 - CVE-2016-7978 bug 1382300 - CVE-2016-7979 bug 1382305 - CVE-2016-8602 bug 1383940...
UBUNTU-CVE-2016-9601
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2decodegrayscaleimage function which is used to decode halftone segments in a JBIG2 image. A document PostScript or PDF with an embedded, specially crafted, jbig2 image could trigge...
PT-2016-7789 · Artifex +3 · Ghostscript +3
Name of the Vulnerable Software and Affected Versions: ghostscript versions prior to 9.21 Description: The issue is related to a heap-based buffer overflow found in the jbig2 decode gray scale image function, which is used for decoding halftone segments in JBIG2 images. A document, such as...
CVE-2016-9601
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2decodegrayscaleimage function which is used to decode halftone segments in a JBIG2 image. A document PostScript or PDF with an embedded, specially crafted, jbig2 image could trigge...
GPL Ghostscript: User-assisted execution of arbitrary code
Background Ghostscript is an interpreter for the PostScript language and for PDF. Description An integer overflow flaw was discovered that leads to an out-of-bounds read and write in gsttf.ps. Impact A remote attacker could entice a user to open a specially crafted file, possibly resulting in the...
GLSA-201612-33 : GPL Ghostscript: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201612-33 GPL Ghostscript: User-assisted execution of arbitrary code An integer overflow flaw was discovered that leads to an out-of-bounds read and write in gsttf.ps. Impact : A remote attacker could entice a user to open a...
Fedora Update for ghostscript FEDORA-2016-62f2b66ed1
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for ghostscript FEDORA-2016-2df27a2224
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3148-1 ghostscript vulnerabilities
Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. CVE-2016-7976,...
USN-3148-1: Ghostscript vulnerabilities
Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. CVE-2016-7976,...
Fedora Update for ghostscript FEDORA-2016-3dad5dfd03
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS : Ghostscript vulnerabilities (USN-3148-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3148-1 advisory. Tavis Ormandy discovered multiple vulnerabilities in the way that Ghostscript processes certain Postscript files. If a user or automated syst...
Fedora Update for ghostscript FEDORA-2016-15d4c05a19
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 23 : ghostscript (2016-15d4c05a19)
This update fixes a rare ocasion where ghostscript would fail when displaying .ps files. More info can be found here. ---- This is a security update for these CVEs : - CVE-2016-8602 - check for sufficient params in .sethalftone5 - CVE-2016-7977 - .libfile does not honor -dSAFER This CVE is now...
[SECURITY] Fedora 23 Update: ghostscript-9.20-5.fc23
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...
Fedora 25 : ghostscript (2016-62f2b66ed1)
This is a security update for these CVEs : - CVE-2016-8602 - check for sufficient params in .sethalftone5 - CVE-2016-7977 - .libfile does not honor -dSAFER This CVE is now correctly fixed, previous release was accidentally missing the fix. Note that Tenable Network Security has extracted the...
[SECURITY] Fedora 25 Update: ghostscript-9.20-4.fc25
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...