2744 matches found
Moderate: Red Hat Security Advisory: ghostscript security update
Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Moderate: Red Hat Security Advisory: ghostscript security update
Updated ghostscript packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
ghostscript: CWD included in the default library search path
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...
Evince: Multiple vulnerabilities
Background: Evince is a document viewer for multiple document formats, including PostScript. Description: Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could entice a user to load a DVI file with a...
USN-1267-1: FreeType vulnerabilities
It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. CVE-2011-3256 It was discovered...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1267-1)
It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. CVE-2011-3256 It was discovered...
FreeType PostScript Type1 Font Parsing Code Execution (CVE-2011-0226)
A code execution vulnerability has been reported in the FreeType font engine. The vulnerability is due to improper validation by the application while handling specially crafted PDF or PostScript. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially...
CentOS Update for ghostscript CESA-2009:0421 centos5 i386
Check for the Version of ghostscript. OpenVAS Vulnerability Test: CentOS Update for ghostscript CESA-2009:0421 centos5 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CentOS Update for ghostscript CESA-2009:0421 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for cups CESA-2009:1513 centos5 i386
Check for the Version of cups. OpenVAS Vulnerability Test: CentOS Update for cups CESA-2009:1513 centos5 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CentOS Update for poppler CESA-2010:0749 centos5 i386
Check for the Version of poppler. OpenVAS Vulnerability Test: CentOS Update for poppler CESA-2010:0749 centos5 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for ghostscript CESA-2009:0345 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RHEL 6 : freetype (RHSA-2011:1085)
Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
freetype2 -- execute arbitrary code or cause denial of service
Vincent Danen reports: Due to an error within the t1decoderparsecharstrings function (src/psaux/t1decode.c) and can be exploited to corrupt memory by tricking a user into processing a specially-crafted postscript Type1 font in an application that uses the freetype library...
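Apple iOS Postscript Type Font Handling Buffer Overflow Vulnerability
Apple iOS is the latest operating system running on Apple iPhone and iPod touch devices. The Jailbreakme 3 PDF jailbreak uses a buffer overflow vulnerability in the way the Apple iOS operating system handles Postscript Type (also known as Adobe Type 1) fonts. The vulnerability is in the t1decoderparsecharstrings function, which decodes the encoded CharStrings field in Type 1 font files. The font file used in the jailbreak contains a special 351-byte CharStrings field; when the function processes this special...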
Microsoft OpenType CFF Driver Font Data Stack Overflow (MS11-032; CVE-2011-0034)
OpenType is a font format developed jointly by Microsoft and Adobe as an extension of Apple's TrueType font format. An OpenType font file contains data, in table format, that comprises either a TrueType or a PostScript outline font. A remote code execution vulnerability has been reported in the w...
[SECURITY] Fedora 13 Update: abcm2ps-5.9.21-1.fc13
Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC langua...
[SECURITY] Fedora 14 Update: abcm2ps-5.9.21-1.fc14
Abcm2ps is a package which converts music tunes from ABC format to Postscript. Based on abc2ps version 1.2.5, it was developed mainly to print Baroque organ scores which have independent voices played on one or many keyboards and a pedal-board. Abcm2ps introduces many extensions to the ABC langua...
Microsoft OpenType CFF Driver Font Encoded Character Corruption (MS11-007; CVE-2011-0033)
OpenType is a font format developed jointly by Microsoft and Adobe as an extension of Apple's TrueType font format. An OpenType font file contains data, in table format, that comprises either a TrueType or a PostScript outline font. A remote code execution vulnerability has been reported in the w...
[SECURITY] Fedora 13 Update: evince-2.30.3-2.fc13
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...