2744 matches found
CVE-2014-9745
The parseencoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service infinite loop via a "broken number-with-base" in a Postscript stream, as demonstrated by 8garbage...
CVE-2014-9745
CVE-2014-9745 affects FreeType: the parse_encoding path in type1/t1load.c (before 2.5.3) can be triggered by a crafted PostScript stream (e.g., 8#garbage) to cause a denial of service. Public docs consistently cite this as a DoS via broken number-with-base; affected versions are
CVE-2014-9745
The parseencoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service infinite loop via a "broken number-with-base" in a Postscript stream, as demonstrated by 8garbage...
Amazon Linux: Security Advisory (ALAS-2012-127)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2015-1995
Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2007 SP3 through 2013 RT SP1 Description A remote code execution issue exists due to insufficient input validation. Exploitation can allow a remote attacker to execute arbitrary code using a specially crafted EPS imag...
VulnCheck KEV: CVE-2015-2545
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image...
FreeBSD : ghostscript -- denial of service (crash) via crafted Postscript files (fc1f6658-4f53-11e5-934b-002590263bf5)
MITRE reports : Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or...
CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
DEBIAN-CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
Integer overflow
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
CVE-2015-3228
CVE-2015-3228 : Ghostscript 9.15 and earlier contains an integer overflow in gs_heap_alloc_bytes (base/gsmalloc.c) that can trigger an out-of-bounds read/write through a crafted PostScript file, as demonstrated via ps2pdf, causing denial of service (crash). Connected sources confirm the affected ...
CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...
MGASA-2015-0308 Updated ghostscript package fixes security vulnerability
GhostScript is vulnerable to an integer overflow when processing a crafted PostScript file using the ps2pdf command CVE-2015-3228...
ghostscript memory corruption
Memory corruption on Postscript file parsing...
One font vulnerability to rule them all #1: Introducing the BLEND vulnerability
Posted by Mateusz Jurczyk of Google Project Zero Last month, I presented parts of my PostScript font security research at the REcon security conference in Montreal, in a talk titled “One font vulnerability to rule them all: A story of cross-software ownage, shared codebases and advanced...
USN-2697-1 ghostscript vulnerability
William Robinet and Stefan Cornelius discovered that Ghostscript did not correctly handle certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code...
USN-2697-1: Ghostscript vulnerability
William Robinet and Stefan Cornelius discovered that Ghostscript did not correctly handle certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code...
CVE-2015-3228
Integer overflow in the gsheapallocbytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service crash via a crafted Postscript ps file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write...