CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

ghostscript security update

CentOS Errata and Security Advisory CESA-2019:0633 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVE-2019-10023

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case...

UBUNTU-CVE-2019-10026

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case...

Xpdf PE Vulnerability (CNVD-2019-22436)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A PE vulnerability exists in the PostScriptFunction::exec function in Function.cc in Xpdf 4.01.01 in the psOpIdiv scenario. No detailed vulnerability details are provided at this time...

Artifex Software Ghostscript Access Control Error Vulnerability

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

Artifex Software Ghostscript Access Control Error Vulnerability (CNVD-2019-12758)

Artifex Software Ghostscript is an open source parser for Postscript a page description language and programming language used in the electronics industry and desktop publishing from Artifex Software, Inc. The product can display Postscript files as well as print Postscript files on non-PostScrip...

Xpdf PE Vulnerability (CNVD-2019-22437)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A PE vulnerability exists in the PostScriptFunction::exec function in Function.cc in Xpdf 4.01.01 in the psOpRoll scenario. No detailed vulnerability details are provided at this time...

Xpdf poppler vulnerability

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. Xpdf 4.01.01 in the Function.cc in the PostScriptFunction::exec function in the psOpMod situation there is a security vulnerability. An attacker could exploit this vulnerability to caus...

Oracle Linux 7 : ghostscript (ELSA-2019-0633)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0633 advisory. - Resolves: 1678171 - CVE-2019-3835 ghostscript: superexec operator is available 700585 Tenable has extracted the preceding description block directly...

UBUNTU-CVE-2019-10018

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case...

UBUNTU-CVE-2019-10023

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case...

Important: Red Hat Security Advisory: ghostscript security and bug fix update

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

USN-3915-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service...

USN-3915-1 ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service...

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Mitigation Please refer to the "Mitigation" section of...

CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

UBUNTU-CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

UBUNTU-CVE-2019-3835

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...

CVE-2019-3838

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER...