2744 matches found
UBUNTU-CVE-2017-6196
Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...
CVE-2017-6196
Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...
CVE-2017-6196
Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...
Printer Exploitation Toolkit: PRET
Printer Exploitation Toolkit PRET is a new tool for printer security testing developed in the scope of a Master’s Thesis at Ruhr University Bochum. PRET connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript , PJL and PCL are supported...
Ghostscript 9.20 Command Execution
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product: ================ Ghostscript 9.20 gs920w32.exe Windows 32...
Ghostscript 9.20 - 'Filename' Command Execution
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product: ================ Ghostscript 9.20 gs920w32.exe Windows 32...
Ghostscript 9.20 - Filename Command Execution Vulnerability
Exploit for windows platform in category local exploits + + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product:...
Ghostscript 9.20 - Filename Command Execution
Ghostscript 9.20 - Filename Command Execution + + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product:...
Flaws Found in Popular Printer Models
Vulnerabilities in popular printer models made by HP, Dell and Lexmark expose the devices to attackers who can steal passwords, shut down printers and even steal print jobs. Academic researchers at the University Alliance Ruhr on Monday published a series of advisories and an informational wiki...
Hacking Printers Advisory 2
TL;DR: In the scope of academic research on printer security, various vulnerabilities in network printers and MFPs have been discovered. This is advisory 2 of 6 of the Hacking Printers' series. Each advisory discusses multiple issues of the same category. This post is about accessing a printers...
Hacking Printers Advisory 1
TL;DR: In the scope of academic research on printer security, various vulnerabilities in network printers and MFPs have been discovered. This is advisory 1 of 6 of the Hacking Printers' series. Each advisory discusses multiple issues of the same category. This post is about manipulating and...
[SECURITY] Fedora 24 Update: ghostscript-9.20-6.fc24
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...
[SECURITY] Fedora 25 Update: ghostscript-9.20-6.fc25
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...
a2ps: Arbitrary code execution
Background a2ps is an Any to PostScript filter. Description a2ps’ fixps script does not invoke gs with the -dSAFER option. Impact Remote attackers, by enticing a user to process a specially crafted PostScript file, could delete arbitrary files or execute arbitrary code with the privileges of the...
Amazon Linux AMI : ghostscript (ALAS-2017-784)
It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list directory and retrie...
Ghostscript 'psi/zht2.c' Null Pointer Reference Remote Code Execution Vulnerability
PostScript PS is a page description language and programming language used in the electronics industry and desktop publishing.Artifex Software Ghostscript is an open-source PostScript parser from Artifex Software that displays Postscript files and prints Postscript files on non-PostScript printer...
Medium: ghostscript
Issue Overview: It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list...
RedHat Update for ghostscript RHSA-2017:0014-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : ghostscript (RHSA-2017:0013)
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Scientific Linux Security Update : ghostscript on SL6.x i386/x86_64 (20170104)
Security Fixes : - It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable, list...