CVE-2003-0204

Summary: CVE-2003-0204 affects KDE 2/3.x components on multiple Debian packages. The KDE team reported that Ghostscript usage to process PS/PDF files via kghostview could allow arbitrary command execution due to missing -dPARANOIDSAFER/-dSAFER handling. Public references show Debian DSAs (DSA-293...

Code execution via PDF and PS in KDE

Command contained in PS and PDF files may be eceuted...

DEBIAN-CVE-2002-2047

The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript EPS file...

CVE-2002-0836

dvips converter for Postscript files in the tetex package calls the system function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts...

CVE-2002-1223

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps PostScript input file...

DSA-182 kdegraphics - buffer overflow

Bulletin has no description...

DSA-179 gnome-gv - buffer overflow

Bulletin has no description...

DSA-176 gv - buffer overflow

Bulletin has no description...

KDE Security Advisory: KGhostview Arbitary Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: KGhostview Arbitary Code Execution Original Release Date: 2002-10-08 URL: http://www.kde.org/info/security/advisory-20021008-1.txt 0. References cve.mitre.org: CAN-2002-0838 BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002...

Important: Red Hat Security Advisory: ggv security update

Updated packages for gv, ggv, and kdegraphics fix a local buffer overflow when reading malformed PDF or PostScript files. Updated 07 Jan 2003 Added fixed packages for the Itanium IA64 architecture. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 Gv and ggv are user interface...

DEBIAN-CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...

CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...

CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...

CVE-2002-0838

CVE-2002-0838 concerns a buffer overflow in affected XDG/Preview components: gv 3.5.8 and earlier, gvv 1.0.2 and earlier, ggv 1.99.90 and earlier, gnome-gv, and kdegraphics 2.2.2 and earlier. The vulnerability arises when processing malformed PDF or PostScript files, where an unsafe call to sscan...

iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 09.26.2002 Exploitable Buffer Overflow in gv DESCRIPTION The gv program that is shipped on many Unix systems contains a buffer overflow which can be exploited by an attacker sending a malformed postscript or Adobe pdf file...

Important: Red Hat Security Advisory: ghostscript security update

Updated packages are available for GNU Ghostscript, which fix a vulnerability found during PostScript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary...

Important: Red Hat Security Advisory: : Ghostscript command execution vulnerability

Updated packages are available for GNU Ghostscript which fix a vulnerability found during Postscript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary comman...

BSD lpr 0.54 -4 - Arbitrary Command Execution

BSD lpr 0.54 -4 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitra...

Серьезная дырка в LPR (PostScript shell execution & grog)

При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...

CVE-1999-1062

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100...