[SECURITY] Fedora 42 Update: evince-48.1-2.fc42

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 43 Update: evince-48.1-2.fc43

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 44 Update: evince-48.1-5.fc44

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

Astra Linux - уязвимость в ghostscript

In Artifex Ghostscript version 10.01.2, the gdevijs.c file in GhostPDL can lead to remote code execution through crafted PostScript documents. This occurs because the IJS device can be switched, or the IjsServer parameter can be changed, after SAFER has been activated. NOTE: It is a documented ri...

Astra Linux - уязвимость в imagemagick

ImageMagick is free software available as a ready-to-run binary distribution or as source code that you can use, copy, modify, and distribute in both open and proprietary applications. In affected versions, Postscript files may be read and written when specifically excluded by a module policy in...

Unity Linux 20.1070e Security Update: ImageMagick (UTSA-2026-017464)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017464 advisory. ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and...

Astra Linux - уязвимость в ghostscript

In Artifex Ghostscript version 10.01.0, there is a buffer overflow that may lead to corruption of data within the PostScript interpreter, specifically in the bcp/sbcp.c file. This issue affects functions such as BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled just...

Astra Linux - уязвимость в ghostscript

A issue was discovered in Artifex Ghostscript prior to version 10.03.1. The file contrib/opvp/gdevopvp.c allows for arbitrary code execution through a custom Driver library, which can be exploited using a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp...

Astra Linux - уязвимость в cups

Due to a failure in validating the length provided by a PPD PostScript document crafted by an attacker, CUPS and libppd are vulnerable to a heap-based buffer overflow, potentially leading to code execution. This issue has been fixed in CUPS version 2.4.7, released in September 2023...

Astra Linux - уязвимость в pillow

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

CLSA-2026-1777540724 cups: Fix of CVE-2023-4504

CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scanps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...

CLSA-2026-1777462768 cups: Fix of CVE-2023-4504

CVE-2023-4504: validate PPD PostScript input length to prevent heap-based buffer overflow in raster-interpret.c...

CLSA-2026-1777393200 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from IPP option values and allowlist PPD keywords returned by filters so a remote attacker cannot inject cupsFilter/cupsFilter2 entries on a shared PostScript queue and gain code execution as the cupsd user...

CLSA-2026-1777392877 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from IPP option values and allowlist PPD keywords returned by filters so a remote attacker cannot inject cupsFilter/cupsFilter2 entries on a shared PostScript queue and gain code execution as the cupsd user...

[SECURITY] Fedora 44 Update: pspp-2.1.1-5.fc44

PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...

Security update for cups

This update for cups fixes the following issues: CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network bsc1261569. CVE-2026-34990: Local print admin token disclosure using temporary printers bsc1261568. Patch Instructions: To install th...

SUSE-SU-2026:1617-1 Security update for cups

This update for cups fixes the following issues: - CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network bsc1261569. - CVE-2026-34990: Local print admin token disclosure using temporary printers bsc1261568...

CLSA-2026-1776760883 poppler: Fix of CVE-2025-32364

CVE-2025-32364: fix floating-point exception in PSStack::roll when handling malformed PostScript input with INTMIN...

SUSE CVE-2003-0354

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job...

[SECURITY] Fedora 43 Update: python-cairosvg-2.9.0-1.fc43

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...