CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as...

CVE-2018-16863

Ghostscript on Red Hat/CentOS environments (Ghostscript 9.07 in RHEL7) contains an incomplete fix for CVE-2018-16509, allowing bypass of the -dSAFER protection via crafted PostScript and potential execution of arbitrary shell commands. CVE-2018-16863 ties to this by noting the residual flaw and i...

CVE-2018-16863

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document...

Ubuntu Ghostscript Failed Fix

Ubuntu: incomplete fix for CVE-2018-16510 This Ubuntu advisory claims to fix CVE-2018-16510: https://usn.ubuntu.com/3768-1/ That does not appear to be true. The root cause of CVE-2018-16510 was that a bunch of procedures were in userdict that should have been executeonly, but were not. In...

USN-3831-1: Ghostscript vulnerabilities

It was discovered that Ghostscript contained multiple security issues. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...

Debian DSA-4346-1 : ghostscript - security update

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or the execution of arbitrary code if a malformed Postscript file is processed despite the -dSAFER sandbox being enabled. This update rebases ghostscript for stretch t...

Debian DLA-1598-1 : ghostscript security update

Several security vulnerabilities were discovered in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed despite the dSAFER sandbox being enabled. For...

[SECURITY] [DLA 1598-1] ghostscript security update

Package : ghostscript Version : 9.06dfsg-2+deb8u12 CVE ID : CVE-2018-19409 CVE-2018-19475 CVE-2018-19476 CVE-2018-19477 Several security vulnerabilities were discovered in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or th...

Artifex Ghostscript < 9.26 PostScript Multiple Vulnerabilities

The version of Artifex Ghostscript installed on the remote Windows host is prior to 9.26. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid119240; scriptversion"1.7";...

ghostscript: shading_param incomplete type checking (699660)

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript docume...

ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658)

It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could possibly exploit this to bypass the -dSAFER protection and disclose the content of affected files via a specially crafted PostScript document...

ghostscript: .tempfile file permission issues (699657)

It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibly exploit this to exploit this to bypass the -dSAFER protection and delete files or disclose their content via a specially crafted PostScript document...

ghostscript: missing type check in type checker (699659)

It was discovered that the ghostscript .type operator did not properly validate its operands. A specially crafted PostScript document could exploit this to crash ghostscript or, possibly, execute arbitrary code in the context of the ghostscript process...

GLSA-201811-12 : GPL Ghostscript: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201811-12 GPL Ghostscript: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact : A context-dependent...

GPL Ghostscript: Multiple vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact A context-dependent attacker could entice a user to...

Buffer overflow

An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PSoptions function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the...

CVE-2018-19491

An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PSoptions function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the...