SUSE CVE-1999-0155

The ghostscript command with the -dSAFER option allows remote attackers to execute commands...

SUSE CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

SUSE CVE-2021-3781

A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

DEBIAN-CVE-2021-3781

A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

UBUNTU-CVE-2021-3781

A trivial sandbox enabled with the -dSAFER option escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files

Ghostscript did not honor the -dSAFER option when executing the "status" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content...

The vulnerability of the PostScript Ghostscript file conversion program lies in the improper use of privileged APIs, allowing an attacker to gain access to the file system bypassing restrictions.

The vulnerability of the PostScript Ghostscript file conversion program is related to the improper use of privileged APIs. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the file system by circumventing the restrictions imposed by the -dSAFER option,...

The vulnerability of the 1Policy procedure (the “forceput” version of the procedure) for software that processes, transforms, and generates Ghostscript documents involves a possibility to bypass the environment for secure execution. This allows a perpetrator to execute arbitrary code.

The vulnerability of the 1Policy procedure the “forceput” version of the procedure in the software for processing, transforming, and generating Ghostscript documents is related to the possibility of circumventing the environment for secure execution, even when the -dSAFER option is used. Exploiti...

ghostscript: getenv and filenameforall ignore -dSAFER

It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, fro...

ghostscript: .libfile does not honor -dSAFER

It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine...

ghostscript: getenv and filenameforall ignore -dSAFER

It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, fro...

ghostscript: .libfile does not honor -dSAFER

It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine...

UBUNTU-CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...

DEBIAN-CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

security flaw

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a 1 PBM, 2 PGM, or 3 PNM file, which allows external user-assisted attackers to execute arbitrary commands...

PT-1995-1007 · Artifex · Ghostscript

Name of the Vulnerable Software and Affected Versions: ghostscript affected versions not specified Description: The issue allows remote attackers to execute commands through the ghostscript command when the -dSAFER option is used. Recommendations: At the moment, there is no information about a...