2744 matches found
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2019:1033-1)
This update for ImageMagick fixes the following issues : Security issues fixed : CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. CVE-2019-7175: Fixed multiple memory leaks in DecodeImag...
SUSE-SU-2019:1033-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-7175: Fixed multiple memory leaks in...
SUSE-SU-2019:1019-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: Security issues fixed: - CVE-2019-9956: Fixed a stack-based buffer overflow in PopHexPixel bsc1130330. - CVE-2019-10650: Fixed a heap-based buffer over-read in WriteTIFFImage bsc1131317. - CVE-2019-11007: Fixed a heap-based buffer overflow i...
FreeBSD : Ghostscript -- Security bypass vulnerability (5ed7102e-6454-11e9-9a3a-001cc0382b2f)
Cedric Buissart Red Hat reports : It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by...
Debian DSA-4432-1 : ghostscript - security update
Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL PostScript/PDF interpreter, which could result in bypass of file system restrictions of the dSAFER sandbox. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Adobe Acrobat Pro DC PostScript Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
[ASA-201904-5] ghostscript: sandbox escape
Arch Linux Security Advisory ASA-201904-5 ========================================= Severity: High Date : 2019-04-11 CVE-ID : CVE-2019-3835 CVE-2019-3838 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-929 Summary ======= The package ghostscript...
EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1209)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this...
EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1176)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does...
EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1215)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does...
EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1202)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An...
EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1205)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibl...
[SECURITY] Fedora 29 Update: pspp-1.2.0-2.fc29
PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...
Updated ghostscript packages fix security vulnerability
It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. CVE-2019-3835 It was found that the forceput operator...
[SECURITY] Fedora 28 Update: ghostscript-9.26-4.fc28
This package provides useful conversion utilities based on Ghostscript soft ware, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Syste ms' PostScript PS and Portable Document Format PDF page description...
SRC-2019-0058 : Adobe Photoshop CC Type 2 Font Charstring callothersubr Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0061 : Adobe Photoshop CC ASCII85Decode filter Heap Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0060 : Adobe Photoshop CC Type 1 Font FontBBox array Stack Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0063 : Adobe Photoshop CC image length Heap Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2019-0059 : Adobe Photoshop CC Type 1 Font FontInfo dictionary Type Confusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...