[SECURITY] Fedora 26 Update: transfig-3.2.6a-1.fc26

The transfig utility creates a makefile which translates FIG created by xfig or PIC figures into a specified LaTeX graphics language for example, PostScriptTM. Transfig is used to create TeX documents which are portable i.e., they can be printed in a wide variety of environments. Install transfig...

Updated ghostscript packages fix security vulnerabilities

Multiple use-after-free vulnerabilities in the gximageenumbegin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted PostScript...

[SECURITY] Fedora 27 Update: ghostscript-9.22-1.fc27

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the graphics capabilities in the PostScript language and an interpreter for Portable Document Format PDF files. Ghostscript translates PostScript code into many...

sam2p integer overflow vulnerability (CNVD-2017-36354)

sam2p is a command-line utility that can convert many raster bitmap image formats such as GIF, JPG/JPEG and PNG to PostScript or PDF files. An integer overflow vulnerability exists in input-bmp.ci in the ReadImage function in sam2p version 0.49.4, for which there is currently no detailed...

VulnCheck KEV: CVE-2013-0808

Hangul Word Processor contains a buffer overflow vulnerability that can be exploited by an embedded EPS object contained in a malicious HWP document...

Updated ghostscript packages fix security vulnerabilities

The InsMIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash or possibly have unspecified other impact via a crafted document. CVE-2017-9611 The InsIP function in base/ttinterp.c...

Debian DSA-3986-1 : ghostscript - security update

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

[SECURITY] [DSA 3986-1] ghostscript security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3986-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2017 https://www.debian.org/security/faq -...

Debian: Security Advisory (DSA-3986-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2017-14624

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c...

[SECURITY] Fedora 25 Update: autotrace-0.31.1-49.fc25

AutoTrace is a program for converting bitmaps to vector graphics. Supported input formats include BMP, TGA, PNM, PPM, and any format supported by ImageMagick, whereas output can be produced in Postscript, SVG, xfig, SWF, and others...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

JVN#09769017: Multiple Fuji Xerox products may insecurely load Dynamic Link Libraries

Installers of multiple products, and DocuWorks self-extracting documents provided by Fuji Xerox Co.,Ltd. contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the administrative...

USN-3403-1: Ghostscript vulnerabilities

Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service. CVE-2017-11714 Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted...

CentOS 7 : ghostscript (CESA-2017:2180)

An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

evince security update

CentOS Errata and Security Advisory CESA-2017:2388 An update for evince is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

ghostscript security update

CentOS Errata and Security Advisory CESA-2017:2180 An update for ghostscript is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Scientific Linux Security Update : ghostscript on SL7.x x86_64 (20170802)

Security Fixes : - A NULL pointer dereference flaw was found in ghostscript's memgetbitsrectangle function. A specially crafted postscript document could cause a crash in the context of the gs process. CVE-2017-7207 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C...

GPL Ghostscript: Multiple vulnerabilities

Background Ghostscript is an interpreter for the PostScript language and for PDF. Description Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact A context-dependent attacker could entice a user to...

GLSA-201708-06 : GPL Ghostscript: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201708-06 GPL Ghostscript: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for additional information. Impact : A context-dependent...