2744 matches found

The Hacker News
added 2018/08/22 8:27 a.m. | 171 views

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on differen...

7.8 CVSS | 0.1 AI score | 0.92931 EPSS
Exploits: 7
FreeBSD
added 2018/08/21 12:00 a.m. | 131 views

Ghostscript -- arbitrary code execution

CERT reports: Ghostscript contains an optional -dSAFER option, which is supposed to prevent unsafe PostScript operations. Multiple PostScript operations bypass the protections provided by -dSAFER, which can allow an attacker to execute arbitrary commands with arbitrary arguments. This vulnerabili...

7.8 CVSS | 2.2 AI score | 0.02248 EPSS
Exploits: 0 | References: 1
OSV
added 2018/06/11 9:29 p.m. | 2 views

DEBIAN-CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

8.8 CVSS | 8.2 AI score | 0.43031 EPSS
Exploits: 0 | References: 1
Prion
added 2018/06/11 9:29 p.m. | 23 views

Code injection

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

6.8 CVSS | 8.2 AI score | 0.43031 EPSS
Exploits: 0 | References: 11 | Affected Software: 10
CVE
added 2018/06/11 9:00 p.m. | 201 views

CVE-2018-5158

CVE-2018-5158: Firefox PDF viewer has insufficient sanitization of PostScript calculator functions, enabling injection of malicious JavaScript via crafted PDFs. Impact affects Firefox ESR < 52.8 and Firefox

8.8 CVSS | 6.1 AI score | 0.43031 EPSS
Exploits: 0 | References: 11 | Affected Software: 1
Snyk
added 2018/06/11 4:48 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through...

8.8 CVSS | 8 AI score | 0.43031 EPSS
Exploits: 0 | References: 2
Exploit DB
added 2018/05/29 12:00 a.m. | 40 views

GNU Barcode 0.99 - Buffer Overflow

GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu 16.04.4 Affected version: 0.99 Summary: GNU Barcode is a...

7.4 AI score
Exploits: 0
RedHat Linux
added 2018/05/14 3:19 p.m. | 3 views

Mozilla: Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

8.8 CVSS | 7.2 AI score | 0.43031 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2018/05/14 2:48 p.m. | 2 views

Mozilla: Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

8.8 CVSS | 7.2 AI score | 0.43031 EPSS
Exploits: 0 | References: 5
CNVD
added 2018/05/11 12:00 a.m. | 1 view

Mozilla Firefox JavaScript Injection Vulnerability

Mozilla Firefox is a free, open source browser for Windows, Linux and Mac OS X platforms. A malicious JavaScript injection vulnerability exists in Mozilla Firefox. The vulnerability arises because the PDF viewer fails to adequately validate the PostScript calculator functionality. T...

8.8 CVSS | 8.9 AI score | 0.43031 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2018/05/10 12:00 a.m. | 37 views

CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

8.8 CVSS | 7.2 AI score | 0.43031 EPSS
Exploits: 0 | References: 3
Mozilla
added 2018/05/09 12:00 a.m. | 557 views

Security vulnerabilities fixed in Firefox 60 — Mozilla

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially...

9.8 CVSS | 10 AI score | 0.43031 EPSS
Exploits: 3 | References: 28 | Affected Software: 1
CNVD
added 2018/05/08 12:00 a.m. | 2 views

abcm2ps buffer overflow vulnerability (CNVD-2018-09186)

abcm2ps is a command line program that converts music tunes from ABC notation to PostScript or SVG format. A stack buffer overflow vulnerability exists in the 'delayedoutput' function of the music.c file in abcm2ps. A remote attacker could exploit this vulnerability to cause a denial of service...

9.8 CVSS | 7.3 AI score | 0.01935 EPSS
Exploits: 0 | References: 1
Ubuntu
added 2018/04/30 5:07 p.m. | 60 views

USN-3636-1: Ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of...

7.8 CVSS | 6.7 AI score | 0.00837 EPSS
Exploits: 1
OSV
added 2018/04/30 5:07 p.m. | 1 view

USN-3636-1 ghostscript vulnerabilities

It was discovered that Ghostscript incorrectly handled certain PostScript files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10317) It was discovered that Ghostscript incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of...

7.8 CVSS | 6.8 AI score | 0.00837 EPSS
Exploits: 1 | References: 3
Fedora
added 2018/04/30 4:38 p.m. | 31 views

[SECURITY] Fedora 27 Update: ghostscript-9.22-4.fc27

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many...

7.8 CVSS | 1.5 AI score | 0.00648 EPSS
Exploits: 0
Fedora
added 2018/04/29 9:23 p.m. | 36 views

[SECURITY] Fedora 26 Update: ghostscript-9.20-11.fc26

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many...

7.8 CVSS | 1.5 AI score | 0.00648 EPSS
Exploits: 0
Fedora
added 2018/04/27 11:08 p.m. | 35 views

[SECURITY] Fedora 28 Update: ghostscript-9.23-2.fc28

This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...

7.8 CVSS | 1.9 AI score | 0.00648 EPSS
Exploits: 0
Tenable Nessus
added 2018/04/27 12:00 a.m. | 44 views

Artifex Ghostscript PostScript Handling Buffer Overflow DoS

The version of Artifex Ghostscript installed on the remote Windows host is 9.22 or earlier. It is, therefore, affected by a denial of service vulnerability due to improperly handling PostScript data. A context-dependent attacker could cause a buffer overflow, potentially crashing the service. C...

7.8 CVSS | 7.5 AI score | 0.00648 EPSS
Exploits: 0 | References: 4
CVE
added 2018/04/23 9:00 p.m. | 104 views

CVE-2016-9601

CVE-2016-9601: Ghostscript before version 9.21 is vulnerable to a heap-based buffer overflow in the jbig2_decode_gray_scale_image function used for JBIG2 halftone decoding, potentially causing a segmentation fault when parsing a crafted PostScript/PDF with an embedded JBIG2 image, per multiple c...

5.5 CVSS | 6.4 AI score | 0.0045 EPSS
Exploits: 0 | References: 6 | Affected Software: 1