2801 matches found
CVE-2019-3839
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Ghostscrip...
OPENSUSE-SU-2019:1331-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-11007: Fixed a heap-based buffer overflow i...
CVE-2019-3839
It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER. Mitigation Please refer t...
Arbitrary Code Execution
ghostscript is vulnerable to arbitrary code execution attacks. This vulnerability exists due to not validating the parameters of the ghostscript function .initializedscparser before using it. Remote attackers could inject a specially crafted PostScript document that could cause a crash code execution ...
Information Disclosure
ghostscript is vulnerable to information disclosure. Remote attackers could bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted PostScript document and access sensitive information...
Denial Of Service (DoS)
ghostscript is vulnerable to denial of service (DoS) attacks. Remote attackers could execute arbitrary code via a crafted PostScript document that calls .sethalftone5 with an empty operand stack causing an application crash...
Debian DSA-4436-1 : imagemagick - security update
This update fixes two vulnerabilities in ImageMagick: Memory handling problems and missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed TIFF or PostScript files are processed. (C) Tenable Network Security, Inc. The...
SUSE-SU-2018:2975-3 Security update for ghostscript
This update for ghostscript to version 9.25 fixes the following issues: These security issues were fixed: - CVE-2018-17183: Remote attackers were able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...
SUSE-SU-2019:1033-2 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-7175: Fixed multiple memory leaks in...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1033-1)
This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. CVE-2019-7175: Fixed multiple memory leaks in DecodeImag...
SUSE-SU-2019:1033-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-7175: Fixed multiple memory leaks in...
SUSE-SU-2019:1019-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-11007: Fixed a heap-based buffer overflow i...
FreeBSD : Ghostscript -- Security bypass vulnerability (5ed7102e-6454-11e9-9a3a-001cc0382b2f)
Cedric Buissart Red Hat reports : It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by...
Debian DSA-4432-1 : ghostscript - security update
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the -dSAFER sandbox. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Adobe Acrobat Pro DC PostScript Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
[ASA-201904-5] ghostscript: sandbox escape
Arch Linux Security Advisory ASA-201904-5 ========================================= Severity: High Date : 2019-04-11 CVE-ID : CVE-2019-3835 CVE-2019-3838 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-929 Summary ======= The package ghostscript...
EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1209)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this...
EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1176)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does...
EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1215)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does...
EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1202)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An...