SRC-2019-0082 : Adobe Acrobat Pro DC Type PostScript File Type Confusion Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

SRC-2019-0078 : Adobe Acrobat Pro DC Type PostScript File Out-of-Bounds Read Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

Xpdf Buffer Error Vulnerability

Xpdf is an open source PDF reader from Foo Labs. The product supports decoding LZW compressed format files and read encrypted PDF files. A buffer error vulnerability exists in the 'PostScriptFunction::transform' function of the Function.cc file in Xpdf version 4.01.01. The vulnerability originate...

EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2019-1613)

According to the versions of the ghostscript package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript...

CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

DEBIAN-CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

UBUNTU-CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

Artifex Software Ghostscript Information Disclosure Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

Debian: Security Advisory (DLA-1792-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

Design/Logic Flaw

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

CVE-2019-3839

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscrip...

CVE-2019-3839

Ghostscript (Artifex) is affected by CVE-2019-3839: after the CVE-2019-6116 fix, some privileged operators remain accessible from various PostScript contexts, allowing a crafted PostScript file to access the filesystem outside -dSAFER constraints. The issue affects Ghostscript versions before 9.2...

Access Restriction Bypass

The Ghostscript is vulnerable to access restriction bypass.Attacker can use malicious PostScript to trigger the attack since forceput in DefineResource is still accessible...

Access Restriction Bypass

The Ghostscript is vulnerable to access restriction bypass.Attacker can use malicious PostScript to trigger the attack since superexec operator is available...

Remote Code Execution (RCE)

Artifex Ghostscript is vulnerable to remote code execution RCE vulnerability. This is because the ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in...

Authorization Bypass

ghostscript is vulnerable to authorization bypass. An attacker is able to access privileged operators using a malicious PostScript file to gain access to the file system outside of the contraints imposed by the -dSAFER option. This vulnerability exists after applying the fix for CVE-2019-6116...

Denial Of Service

Artifex Ghostscript is vulnerable to denial of serviceDoS attacks. This is because the ghostscript does not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in...

Remote Code Execution (RCE)

Artifex Ghostscript is vulnerable to remote code execution RCE attacks. This is because the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or possibly execute arbitrary code in the...