CVE-2024-29508
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in the function pdf_base_font_alloc...
CVE-2024-29508
CVE-2024-29508 affects Artifex Ghostscript prior to 10.03.0. The issue is a heap-based pointer disclosure observable in a constructed BaseFont name, in the function pdf_base_font_alloc. Documents consistently describe this Ghostscript vulnerability as enabling information leakage. The CVSSv3.1 ve...
CVE-2024-33871
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...
SUSE SLES12 Security Update : ghostscript (SUSE-SU-2024:2276-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2276-1 advisory. - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path (bsc#1226945). - CVE-2024-33870: Fixed a format...
[SECURITY] Fedora 40 Update: ghostscript-10.02.1-10.fc40
This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...
SUSE-SU-2024:2276-1 Security update for ghostscript
This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path (bsc#1226945). - CVE-2024-33870: Fixed a format string injection that could lead to command execution (bsc#1226944). - CVE-2024-33869: Fixed a path validation...
RLSA-2024:3999 Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...
ghostscript security update
An update is available for ghostscript. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Ghostscript suite contains utilities for rendering PostScript and PDF...
RLSA-2024:4000 Important: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: OPVP device arbitrary code execution via custom Driver library...
ghostscript security update
An update is available for ghostscript. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Ghostscript suite contains utilities for rendering PostScript and PDF...
Rocky Linux 9 : ghostscript (RLSA-2024:3999)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3999 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871). Tenable has extracted the preceding description block directly from th...
Fedora 40 : ghostscript (2024-f433c5c4da)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-f433c5c4da advisory. Security fixes for CVE-2024-33870, CVE-2024-29510. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Rocky Linux 8 : ghostscript (RLSA-2024:4000)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4000 advisory. ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871). Tenable has extracted the preceding description block directly from th...
openSUSE Security Advisory (SUSE-SU-2024:2198-1)
The remote host is missing an update for the...
Astra Linux – Vulnerability in GhostScript
An issue was discovered in Artifex Ghostscript prior to version 10.03.1. Path traversal is possible through a specially crafted PostScript document, allowing access to arbitrary files when the current directory is within the permitted paths. For example, a transformation like ../../foo could be...
Astra Linux – Vulnerability in GhostScript
An issue was discovered in Artifex Ghostscript prior to version 10.03.1. Path traversal and command execution can occur through a crafted PostScript document due to path reduction in the base/gpmisc.c file. For example, restrictions on the use of %pipe% can be bypassed using the output filename...
Astra Linux – Vulnerability in GhostScript
A vulnerability was discovered in Artifex Ghostscript prior to version 10.03.1. The file contrib/opvp/gdevopvp.c allows for arbitrary code execution through a custom Driver library, which can be exploited using a crafted PostScript document. This occurs because the Driver parameter for opvp and...
Astra Linux – Vulnerability in GhostScript
Artifex Ghostscript prior to version 10.03.1 allows for memory corruption, and enables SAFER sandbox bypass, through format string injection using a uniprint device...
SUSE: Security Advisory (SUSE-SU-2024:2198-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2024:2199-1)
The remote host is missing an update for the...