MGASA-2018-0378 Updated ghostscript packages fix security vulnerabilities

Updated ghostscript packages fix several security vulnerabilities including: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files CVE-2018-15908. In Artifex Ghostscript 9.23 before 2018-08-24, a typ...

Artifex Ghostscript Code Injection Vulnerability

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

DEBIAN-CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

Code injection

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

UBUNTU-CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

Artifex Ghostscript < 9.25 PostScript Code Execution Vulnerability

The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.25. It is, therefore, affected by a code execution vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid117596; scriptversion"1.5";...

CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

[SECURITY] Fedora 27 Update: ghostscript-9.22-6.fc27

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...

Debian DSA-4294-1 : ghostscript - security update

Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in the execution of arbitrary code if a malformed Postscript file is processed despite the dSAFER sandbox being enabled. C Tenable Network Security, Inc. The descriptive...

[SECURITY] [DSA 4294-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4294-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...

The vulnerability of the interpreter for software used for processing, transforming, and generating Ghostscript documents allows a perpetrator to execute arbitrary code.

The vulnerability of the interpreter used in software for processing, transforming, and generating Ghostscript documents is related to errors in the data type conversion of the LockDistillerParams parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a...

Debian DLA-1504-1 : ghostscript security update

Tavis Ormandy discovered multiple vulnerabilities in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed despite the dSAFER sandbox being enabled. For...

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript relates to the execution of operations beyond the buffer boundaries in memory. This allows an attacker to execute arbitrary code or cause a service failure.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents lies in the escape operation that occurs outside the buffer during data type transformation using the .shfill operator. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the software for processing, transforming, and generating documents using Ghostscript arises from the use of uninitialized memory, allowing an attacker to execute arbitrary code.

The vulnerability of the software for processing, transforming, and generating Ghostscript documents arises from the use of uninitialized memory when manipulating the aesdecode operator in PostScript files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a...

[SECURITY] [DLA 1504-1] ghostscript security update

Package : ghostscript Version : 9.06dfsg-2+deb8u8 CVE ID : CVE-2018-11645 CVE-2018-15908 CVE-2018-15909 CVE-2018-15910 CVE-2018-15911 CVE-2018-16509 CVE-2018-16511 CVE-2018-16513 CVE-2018-16539 CVE-2018-16540 CVE-2018-16541 CVE-2018-16542 CVE-2018-16585 CVE-2018-16802 Debian Bug : 907332 908305...

CVE-2018-16511

It was discovered that the ghostscript .type operator did not properly validate its operands. A specially crafted PostScript document could exploit this to crash ghostscript or, possibly, execute arbitrary code in the context of the ghostscript process. Mitigation Please see...

Unspecified Vulnerability in Artifex Ghostscript (CNVD-2020-54492)

Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security...

Debian: Security Advisory (DLA-1504-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...