VuXML ID | Description |
25872b25-da2d-11ed-b715-a1e76793953b | ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter
cve@mitre.org reports:
In Artifex Ghostscript through 10.01.0, there is a buffer overflow
leading to potential corruption of data internal to the PostScript
interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode,
TBCPEncode, and TBCPDecode. If the write buffer is filled to one
byte less than full, and one then tries to write an escaped character,
two bytes are written.
Discovery 2023-03-23 Entry 2023-04-13 Modified 2023-04-28 ghostscript
< 10.01.1
ghostscript7-base
< 10.01.1
ghostscript7-commfont
< 10.01.1
ghostscript7-jpnfont
< 10.01.1
ghostscript7-korfont
< 10.01.1
ghostscript7-x11
< 10.01.1
ghostscript8-base
< 10.01.1
ghostscript8-x11
< 10.01.1
ghostscript9-agpl-base
< 9.56.1_10
CVE-2023-28879
https://nvd.nist.gov/vuln/detail/CVE-2023-28879
https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript
|
5ed7102e-6454-11e9-9a3a-001cc0382b2f | Ghostscript -- Security bypass vulnerability
Cedric Buissart (Red Hat) reports:
It was found that the superexec operator was available in the
internal dictionary in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by
-dSAFER.
It was found that the forceput operator could be extracted from
the DefineResource method in ghostscript before 9.27. A specially
crafted PostScript file could use this flaw in order to, for
example, have access to the file system outside of the constrains
imposed by -dSAFER.
Discovery 2019-03-21 Entry 2019-04-21 ghostscript9-agpl-base
ghostscript9-agpl-x11
< 9.27
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
CVE-2019-3835
CVE-2019-3838
|
22ae307a-1ac4-11ea-b267-001cc0382b2f | Ghostscript -- Security bypass vulnerabilities
Cedric Buissart (Red Hat) reports:
A flaw was found in, ghostscript versions prior to 9.50, in the
.pdf_hook_DSC_Creator procedure where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in all ghostscript versions 9.x before 9.50, in
the .setuserparams2 procedure where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in ghostscript, versions 9.x before 9.50, in the
setsystemparams procedure where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.50, in the
.pdfexectoken and other procedures where it did not properly secure
its privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could disable
security protection and then have access to the file system, or
execute arbitrary commands.
Discovery 2019-08-20 Entry 2019-12-09 ghostscript9-agpl-base
ghostscript9-agpl-x11
< 9.50
CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817
|
30c0f878-b03e-11e8-be8a-0011d823eebd | Ghostscript -- arbitrary code execution
CERT reports:
Ghostscript contains an optional -dSAFER option, which is supposed
to prevent unsafe PostScript operations. Multiple PostScript
operations bypass the protections provided by -dSAFER, which can
allow an attacker to execute arbitrary commands with arbitrary
arguments. This vulnerability can also be exploited in applications
that leverage Ghostscript, such as ImageMagick, GraphicsMagick,
evince, Okular, Nautilus, and others.
Exploit code for this vulnerability is publicly available.
Discovery 2018-08-21 Entry 2018-09-04 ghostscript9-agpl-base
ghostscript9-agpl-x11
< 9.24
https://www.kb.cert.org/vuls/id/332928
CVE-2018-15908
CVE-2018-15909
CVE-2018-15910
CVE-2018-15911
|