2744 matches found
CVE-2018-19491
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PSoptions function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the...
UBUNTU-CVE-2018-19491
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PSoptions function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the...
DEBIAN-CVE-2018-19491
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PSoptions function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the...
CVE-2018-19491
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PSoptions function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the...
CVE-2018-19491
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PSoptions function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the...
Debian DSA-4336-1 : ghostscript - security update
Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service, disclosure of existence and size of arbitrary files, or the execution of arbitrary code if a malformed Postscript file is processed despite the dSAFER sandbox being...
[SECURITY] [DSA 4336-1] ghostscript security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4336-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 10, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4336-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ASA-201811-3] ghostscript: sandbox escape
Arch Linux Security Advisory ASA-201811-3 ========================================= Severity: High Date : 2018-11-06 CVE-ID : CVE-2018-17961 CVE-2018-18073 CVE-2018-18284 Package : ghostscript Type : sandbox escape Remote : Yes Link : https://security.archlinux.org/AVG-786 Summary ======= The...
USN-3803-1: Ghostscript vulnerabilities
Tavis Ormandy discovered multiple security issues in Ghostscript. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service...
SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:3330-1)
This update for ghostscript-library fixes the following issues : CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. bsc1107426 CVE-2018-16540: Attackers able to supply...
SUSE-SU-2018:3330-1 Security update for ghostscript-library
This update for ghostscript-library fixes the following issues: - CVE-2018-16511: A type confusion in 'ztype' could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. bsc1107426 - CVE-2018-16540: Attackers able to supp...
SUSE SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-2)
This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 CVE-2018-15909: Prevent type confusio...
openSUSE Security Update : ImageMagick (openSUSE-2018-1181)
This update for ImageMagick fixes the following security issues : - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage function in coders/mpc.c via a crafted file allowing for DoS bsc1050129 - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc110828...
Security update for ImageMagick (moderate)
This update for ImageMagick fixes the following security issues: - CVE-2017-11532: Prevent a memory leak vulnerability in the WriteMPCImage function in coders/mpc.c via a crafted file allowing for DoS bsc1050129 - CVE-2018-16750: Prevent memory leak in the formatIPTCfromBuffer function bsc1108283...
ghostscript: LockDistillerParams type confusion (699656)
It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document...
ghostscript: .definemodifiedfont memory corruption if /typecheck is handled (699668)
It was discovered that ghostscript did not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript...
ghostscript: /invalidaccess bypass after failed restore (699654)
It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document...
Artifex Ghostscript Security Bypass Vulnerability
Artifex Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. Postscript file. A security bypass...
CentOS 7 : ghostscript (CESA-2018:2918)
An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...