2744 matches found
Updated lilypond package fixes a security vulnerability
It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. CVE-2020-17353...
PT-2022-5146 · Moodle +3
Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified); GhostScript versions prior to 9.50. Description: The issue occurs due to improper input validation when parsing PostScript code, resulting in a remote code execution risk. An omitted execution parameter...
Moderate: fontforge security update
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts. Security Fixes: fontforge: SFDGetFontMetaData insufficient CVE-2020-5395 backport...
[SECURITY] Fedora 32 Update: lout-3.40-18.fc32
Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on...
[SECURITY] Fedora 33 Update: lout-3.40-18.fc33
Lout is a document formatting system designed and implemented by Jeffrey Kingston at the Basser Department of Computer Science, University of Sydney, Australia. The system reads a high-level description of a document similar in style to LaTeX and produces a PostScript file which can be printed on...
Fedora: Security Advisory for lout (FEDORA-2020-81c80ff1ed)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for lout (FEDORA-2020-869cd99560)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: okular security update
An update for okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2020-2114)
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker t...
USN-4541-1 gnuplot vulnerabilities
Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars discovered that Gnuplot did not properly validate string sizes in the df_generate_ascii_array_entry function. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service attack or arbitra...
Microsoft Office Remote Code Execution (CVE-2017-0261)
A remote code execution vulnerability exists in Encapsulated PostScript (EPS) of Microsoft Office. The vulnerability is due to the way that Microsoft Office does not properly handle objects in memory while parsing specially crafted Office files. A remote attacker can exploit this issue by enticing ...
OPENSUSE-SU-2020:1453-1 Security update for lilypond
This update for lilypond fixes the following issues: - CVE-2020-17353: When -dsafe is used, LilyPond lacks restrictions on embedded-ps and embedded-svg (boo#1174949)...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2020-53167)
SAP 3D Visual Enterprise Viewer is a free 3D visualization viewer for Windows. An input validation error vulnerability exists in SAP 3D Visual Enterprise Viewer 9, which can be exploited by an attacker to cause an application crash via a specially crafted EPS file...
Debian DSA-4756-1 : lilypond - security update
Faidon Liambotis discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. C Tenab...
[SECURITY] [DSA 4756-1] lilypond security update
Debian Security Advisory DSA-4756-1 · https://www.debian.org/security/ · Moritz Muehlenhoff · August 29, 2020 · https://www.debian.org/security/faq...
GPL Ghostscript: Multiple vulnerabilities
Background: Ghostscript is an interpreter for the PostScript language and for PDF. Description: Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workarou...
[SECURITY] [DLA 2335-1] ghostscript security update
Debian LTS Advisory DLA-2335-1 · https://www.debian.org/lts/security/ · August 20, 2020 · https://wiki.debian.org/LTS · Package...
CVE-2020-16307
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. Mitigation: Mitigation for this issue is either not available or...
CVE-2020-16306
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. Mitigation: Mitigation for this issue is either not available or the currently available...
Artifex Software Ghostscript Buffer Overflow Vulnerability (CNVD-2020-46246)
Artifex Software Ghostscript is an open source parser for Postscript (a page description language and programming language used in the electronics industry and desktop publishing) from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...