CVE-2019-10216

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Vulnerability (NS-SA-2019-0081)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by a vulnerability: - It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file cou...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0035)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent...

NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0145)

The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection...

NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0097)

The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted...

NewStart CGSL CORE 5.05 / MAIN 5.05 : ghostscript Vulnerability (NS-SA-2019-0085)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ghostscript packages installed that are affected by a vulnerability: - It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file cou...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0054)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit thi...

Oracle Linux 8 : ghostscript (ELSA-2019-0971)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0971 advisory. - Resolves: 1692798 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116 - Resolves: 1678170 - CVE-2019-3835 ghostscript:...

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0071)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this...

Low: Red Hat Security Advisory: ghostscript security, bug fix, and enhancement update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files

Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content...

Adobe Acrobat Pro DC JPEG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

UBUNTU-CVE-2019-13137

ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c...

Ubuntu: Security Advisory (USN-4034-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for evince FEDORA-2019-ff2b5b5b47

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: evince-3.30.2-4.fc29

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

[SECURITY] Fedora 30 Update: evince-3.32.0-3.fc30

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

MGASA-2019-0188 Updated ghostscript packages fix security vulnerability

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

SRC-2019-0080 : Adobe Acrobat Pro DC Type PostScript File Type Confusion Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...