2801 matches found

BDU FSTEC
added 2019/02/05 12:0 a.m. | 0 views

The vulnerability of the Ghostscript software for document processing, conversion, and generation is related to improper checking of “privilege restoration” during the processing of /invalidaccess exception types. This allows a perpetrator to execute arbitrary code.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to improper checking of “privilege restoration” during the processing of /invalidaccess exceptions. Exploiting this vulnerability allows a malicious actor to download specially created...

CVSS 9.3 | AI score 7.5 | EPSS 0.9181
Exploits 4 | References 6 | Affected Software 1

RedHat Linux
added 2019/01/31 6:37 p.m. | 4 views

ghostscript: use-after-free in copydevice handling (699661)

It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScrip...

CVSS 7.8 | AI score 6.1 | EPSS 0.00284
Exploits 0 | References 6

Debian
added 2019/01/26 2:48 p.m. | 29 views

[SECURITY] [DSA 4372-1] ghostscript security update

Debian Security Advisory DSA-4372-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2019 https://www.debian.org/security/faq ...

CVSS 6.8 | AI score 2.3 | EPSS 0.60542
Exploits 2

OpenVAS
added 2019/01/25 12:0 a.m. | 97 views

Debian: Security Advisory (DSA-4372-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 8.1 | EPSS 0.60542
Exploits 2 | References 4

Exploit DB
added 2019/01/24 12:0 a.m. | 128 views

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution

I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello { (hello\n) print } def That's simple enough, but because a subroutine is just an executable array of commands, you need to mark it as...

AI score 7.4
Exploits 0

0day.today
added 2019/01/24 12:0 a.m. | 94 views

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit

I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello { (hello\n) print } def That's simple enough, but because a subroutine is just...

CVSS 7.8 | AI score 0.2 | EPSS 0.60542
Exploits 2

exploitpack
added 2019/01/24 12:0 a.m. | 35 views

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution

I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello { (hello\n) print } def That's simple enough, but because a subroutine is just an...

AI score 0.1
Exploits 0

CNVD
added 2019/01/24 12:0 a.m. | 1 views

Artifex Software Ghostscript Sandbox Bypass Vulnerability

Artifex Software Ghostscript is an open source Postscript (a page description language and programming language used in the electronics industry and desktop publishing) parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...

CVSS 7.8 | AI score 7 | EPSS 0.60542
Exploits 2 | References 1

RedhatCVE
added 2019/01/23 8:20 p.m. | 27 views

CVE-2019-6116

It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER...

CVSS 9.3 | AI score 1.3 | EPSS 0.9181
Exploits 6 | References 3

OSV
added 2019/01/23 3:54 p.m. | 0 views

USN-3866-1 ghostscript vulnerability

Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of...

CVSS 7.8 | AI score 7.4 | EPSS 0.60542
Exploits 2 | References 2

Source Incite
added 2019/01/22 12:0 a.m. | 29 views

SRC-2019-0022 : Adobe Acrobat Pro DC Distiller DCTDecode JPEG parsing SOS Marker Out-of-Bounds Read Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

CVSS 7.5 | AI score 8.4 | EPSS 0.02399
Exploits 1

Tenable Nessus
added 2019/01/22 12:0 a.m. | 138 views

EulerOS Virtualization 2.5.1 : ghostscript (EulerOS-SA-2019-1016)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibl...

CVSS 9.8 | AI score 7.4 | EPSS 0.9181
Exploits 8 | References 18

Source Incite
added 2019/01/22 12:0 a.m. | 30 views

SRC-2019-0023 : Adobe Acrobat Pro DC Distiller PostScript File Parsing dvips TeXDict Type Confusion Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 10 | AI score 9.6 | EPSS 0.07605
Exploits 1

Source Incite
added 2019/01/16 12:0 a.m. | 30 views

SRC-2019-0021 : Adobe Acrobat Pro DC Distiller PostScript File Parsing Use-After-free Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 10 | AI score 9.6 | EPSS 0.01858
Exploits 1

Veracode
added 2019/01/15 9:27 a.m. | 27 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service. An uninitialized memory access in the aesdecode operator allows an attacker to crash the interpreter, or potentially execute arbitrary code, via a malicious PostScript...

CVSS 7.8 | AI score 7.3 | EPSS 0.02248
Exploits 0 | References 15 | Affected Software 1

Veracode
added 2019/01/15 9:27 a.m. | 27 views

Privilege Escalation

The Ghostscript suite is susceptible to privilege escalation. Under certain conditions it does not properly validate the ghostscript /invalidaccess handling, which allows an attacker to bypass the -dSAFER protection and, for example, execute arbitrary shell commands through malicious...

CVSS 7.8 | AI score 8.1 | EPSS 0.9181
Exploits 4 | References 20 | Affected Software 1

Veracode
added 2019/01/15 9:27 a.m. | 33 views

Arbitrary Command Execution

ghostscript is vulnerable to arbitrary command execution. An incomplete fix for CVE-2018-16509 allows an attacker to exploit another variant of the vulnerability and bypass the -dSAFER protection to execute arbitrary commands via malicious PostScript documents...

CVSS 7.8 | AI score 8.3 | EPSS 0.9181
Exploits 4 | References 14 | Affected Software 1

Veracode
added 2019/01/15 9:26 a.m. | 30 views

Authorization Bypass

ghostscript is vulnerable to authorization bypass. An attacker is able to bypass .tempfile restrictions to write files onto the system using malicious PostScript files...

CVSS 7.8 | AI score 7.5 | EPSS 0.00321
Exploits 0 | References 9 | Affected Software 1

Veracode
added 2019/01/15 9:18 a.m. | 35 views

Denial Of Service (DoS)

ghostscript is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document...

CVSS 5.5 | AI score 7 | EPSS 0.0033
Exploits 0 | References 6 | Affected Software 1

Veracode
added 2019/01/15 9:16 a.m. | 28 views

Remote Code Execution (RCE)

ghostscript is vulnerable to remote code execution. It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process,...

CVSS 7.8 | AI score 7.9 | EPSS 0.92931
Exploits 7 | References 11 | Affected Software 1