FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
25872b25-da2d-11ed-b715-a1e76793953bghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter

cve@mitre.org reports:

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.


Discovery 2023-03-23
Entry 2023-04-13
Modified 2023-04-28
ghostscript
< 10.01.1

ghostscript7-base
< 10.01.1

ghostscript7-commfont
< 10.01.1

ghostscript7-jpnfont
< 10.01.1

ghostscript7-korfont
< 10.01.1

ghostscript7-x11
< 10.01.1

ghostscript8-base
< 10.01.1

ghostscript8-x11
< 10.01.1

ghostscript9-agpl-base
< 9.56.1_10

CVE-2023-28879
https://nvd.nist.gov/vuln/detail/CVE-2023-28879
https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript
62642942-590f-11eb-a0dc-8c164582fbacGhostscript -- SAFER Sandbox Breakout

SO-AND-SO reports:

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.


Discovery 2020-07-28
Entry 2021-01-17
ghostscript9-agpl-base
ge 9.50 lt 9.52_8

https://nvd.nist.gov/vuln/detail/CVE-2020-15900