RHEL 5 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - foomatic: foomatic-rip debug mode insecure temporary file use in renderer command line by processing...

RHEL 4 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - foomatic: foomatic-rip debug mode insecure temporary file use in renderer command line by processing...

RHEL 6 : foomatic (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - foomatic: foomatic-rip debug mode insecure temporary file use in renderer command line by processing...

RHEL 6 : freetype (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - freetype: Use of uninitialized memory CVE-2014-9746 - FreeType before 2.4.11 allows context-dependent...

RHEL 9 : cups (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cups: insecure permissions of /var/log/cups allows for symlink attacks CVE-2021-25317 - cups, libppd:...

SUSE CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

Updated ghostscript packages fix security vulnerabilities

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed...

Low: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ALSA-2024:2966 Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: Divide by zero in epsprintpage in gdevepsn.c CVE-2020-21710 For more...

Low: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: Divide by zero in epsprintpage in gdevepsn.c CVE-2020-21710 For more...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2024-1649)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VulnCheck KEV: CVE-2018-16509

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction...

UBUNTU-CVE-2024-33869

An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur via a crafted PostScript document because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command output filename...

UBUNTU-CVE-2024-33871

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp and oprp devices can have an arbitrary name for a...

PT-2024-6395 · Artifex +9 · Artifex Ghostscript +9

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.1 Description: The issue is related to path reduction in the base/gpmisc.c file of Ghostscript, allowing for path traversal and command execution via a crafted PostScript document. This can lead to...

UBUNTU-CVE-2024-33870

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal via a crafted PostScript document to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ i...

OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow

...

PT-2024-4559 · Artifex +9 · Artifex Ghostscript +9

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.1 Description: The issue is related to errors in handling relative path to directory in the Ghostscript software, which can allow a remote attacker to execute arbitrary code using a specially crafte...

[SECURITY] Fedora 40 Update: fontforge-20230101-11.fc40

FontForge former PfaEdit is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript ASCII and binary Type 1, some Type 3 and Type 0, TrueType, OpenType Type2 and CID-keyed fonts...

[SECURITY] Fedora 40 Update: xmlgraphics-commons-2.9-3.fc40

Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D...