rpm package
opensuse/ghostscript-mini&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/ghostscript-mini&distro=openSUSE%20Leap%2015.1
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15900 | — | < 9.52-lp151.3.15.1 | 9.52-lp151.3.15.1 | Jul 28, 2020 | A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32 | ||
| CVE-2020-12268 | — | < 9.52-lp151.3.12.1 | 9.52-lp151.3.12.1 | Apr 27, 2020 | jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | ||
| CVE-2019-14812 | — | < 9.27-lp151.3.6.1 | 9.27-lp151.3.6.1 | Nov 27, 2019 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | ||
| CVE-2019-10216 | — | < 9.26a-lp151.3.3.1 | 9.26a-lp151.3.3.1 | Nov 27, 2019 | In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and acce | ||
| CVE-2019-14869 | — | < 9.27-lp151.3.9.1 | 9.27-lp151.3.9.1 | Nov 15, 2019 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript | ||
| CVE-2019-14813 | — | < 9.27-lp151.3.6.1 | 9.27-lp151.3.6.1 | Sep 6, 2019 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav | ||
| CVE-2019-14817 | — | < 9.27-lp151.3.6.1 | 9.27-lp151.3.6.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t | ||
| CVE-2019-14811 | — | < 9.27-lp151.3.6.1 | 9.27-lp151.3.6.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | ||
| CVE-2019-12973 | — | < 9.27-lp151.3.6.1 | 9.27-lp151.3.6.1 | Jun 26, 2019 | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. | ||
| CVE-2019-3839 | — | < 9.27-lp151.3.6.1 | 9.27-lp151.3.6.1 | May 16, 2019 | It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d | ||
| CVE-2019-3835 | — | < 9.27-lp151.3.6.1 | 9.27-lp151.3.6.1 | Mar 25, 2019 | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. |
- CVE-2020-15900Jul 28, 2020affected < 9.52-lp151.3.15.1fixed 9.52-lp151.3.15.1
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32
- CVE-2020-12268Apr 27, 2020affected < 9.52-lp151.3.12.1fixed 9.52-lp151.3.12.1
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
- CVE-2019-14812Nov 27, 2019affected < 9.27-lp151.3.6.1fixed 9.27-lp151.3.6.1
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- CVE-2019-10216Nov 27, 2019affected < 9.26a-lp151.3.3.1fixed 9.26a-lp151.3.3.1
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and acce
- CVE-2019-14869Nov 15, 2019affected < 9.27-lp151.3.9.1fixed 9.27-lp151.3.9.1
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript
- CVE-2019-14813Sep 6, 2019affected < 9.27-lp151.3.6.1fixed 9.27-lp151.3.6.1
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav
- CVE-2019-14817Sep 3, 2019affected < 9.27-lp151.3.6.1fixed 9.27-lp151.3.6.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t
- CVE-2019-14811Sep 3, 2019affected < 9.27-lp151.3.6.1fixed 9.27-lp151.3.6.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- CVE-2019-12973Jun 26, 2019affected < 9.27-lp151.3.6.1fixed 9.27-lp151.3.6.1
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
- CVE-2019-3839May 16, 2019affected < 9.27-lp151.3.6.1fixed 9.27-lp151.3.6.1
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d
- CVE-2019-3835Mar 25, 2019affected < 9.27-lp151.3.6.1fixed 9.27-lp151.3.6.1
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.