5483 matches found
netpbm / pstotext PostScript code execution
-dSAFER option is not used while calling GhostScript...
[SA16184] netpbm Arbitrary Postscript Code Execution Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
USN-130-1: TIFF library vulnerability
Tavis Ormandy discovered a buffer overflow in the TIFF library. A malicious image with an invalid "bits per sample" number could be constructed which, when decoded, would have resulted in execution of arbitrary code with the privileges of the process using the library. Since this library is used ...
CVE-2004-0967
The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...
CVE-2004-0967
The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...
[SA13933] Ghostscript Various Scripts Insecure Temporary File Creation
TITLE: Ghostscript Various Scripts Insecure Temporary File Creation SECUNIA ADVISORY ID: SA13933 VERIFY ADVISORY: http://secunia.com/advisories/13933/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Ghostscript 8.x http://secunia.com/product/4550/ DESCRIPTION:...
GhostScript symbolic links problem
Symbolic links problem in multiple scripts...
USN-3-1: GhostScript utility script vulnerabilities
Recently, Trustix Secure Linux discovered some vulnerabilities in the gs-common package. The utilities "pv.sh" and "ps2epsi" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program...
GLSA-200410-18 : Ghostscript: Insecure temporary file use in multiple scripts
The remote host is affected by the vulnerability described in GLSA-200410-18 Ghostscript: Insecure temporary file use in multiple scripts The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeable directories with predictable names. Impact : A local attacker coul...
CVE-2004-0967
The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...
Ghostscript: Insecure temporary file use in multiple scripts
Background Ghostscript is a software package providing an interpreter for the PostScript language and the PDF file format. It also provides output drivers for various file formats and printers. Description The pj-gs.sh, ps2epsi, pv.sh and sysvlp.sh scripts create temporary files in world-writeabl...
ghostscript -- insecure temporary file creation vulnerability
Ghostscript is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges...
Debian DSA-284-1 : kdegraphics - insecure execution
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript PS and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...
Debian DSA-296-1 : kdebase - insecure execution
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript PS and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...
Debian DSA-293-1 : kdelibs - insecure execution
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript PS and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...
Mandrake Linux Security Advisory : kde3 (MDKSA-2003:049-1)
A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user via web or mail that could lead to the execution of arbitrary commands as t...
Mandrake Linux Security Advisory : ghostscript (MDKSA-2003:065)
A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
RHEL 2.1 : ghostscript (RHSA-2003:182)
A ghostscript package fixing a command execution vulnerability is now available. GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter. A flaw has been discovered in the way Ghostscript...
RHEL 2.1 : ghostscript (RHSA-2002:123)
Updated packages are available for GNU Ghostscript, which fix a vulnerability found during PostScript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary...
Important: Red Hat Security Advisory: : : : updated ghostscript packages fix vulnerabilities
Updated packages are available for GNU Ghostscript under the iSeries and pSeries architectures which fix various security vulnerabilities. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to...