rpm package
suse/ghostscript&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12268 | Cri | 9.8 | < 9.52-23.34.1 | 9.52-23.34.1 | Apr 27, 2020 | jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | |
| CVE-2019-14812 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Nov 27, 2019 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | |
| CVE-2019-14869 | Hig | 8.8 | < 9.27-23.31.1 | 9.27-23.31.1 | Nov 15, 2019 | A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript | |
| CVE-2019-14813 | Cri | 9.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 6, 2019 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav | |
| CVE-2019-14817 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t | |
| CVE-2019-14811 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | |
| CVE-2019-12973 | Med | 5.5 | < 9.27-23.28.1 | 9.27-23.28.1 | Jun 26, 2019 | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. | |
| CVE-2019-3839 | Hig | 7.8 | < 9.27-23.28.1 | 9.27-23.28.1 | May 16, 2019 | It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d | |
| CVE-2019-3838 | Med | 5.5 | < 9.26a-23.22.1 | 9.26a-23.22.1 | Mar 25, 2019 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | |
| CVE-2019-3835 | Med | 5.5 | < 9.27-23.28.1 | 9.27-23.28.1 | Mar 25, 2019 | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | |
| CVE-2019-6116 | Hig | 7.8 | < 9.26a-23.19.1 | 9.26a-23.19.1 | Mar 21, 2019 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | |
| CVE-2018-19477 | Hig | 7.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | |
| CVE-2018-19476 | Hig | 7.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | |
| CVE-2018-19475 | Hig | 7.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | |
| CVE-2018-19409 | Cri | 9.8 | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 21, 2018 | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | |
| CVE-2018-18284 | Hig | 8.6 | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 19, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | |
| CVE-2018-18073 | Med | 6.3 | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | |
| CVE-2018-17961 | Hig | 8.6 | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | |
| CVE-2018-17183 | Hig | 7.8 | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 19, 2018 | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | |
| CVE-2018-16802 | Hig | 7.8 | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 10, 2018 | An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to |
- affected < 9.52-23.34.1fixed 9.52-23.34.1
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- affected < 9.27-23.31.1fixed 9.27-23.31.1
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t
- affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- affected < 9.27-23.28.1fixed 9.27-23.28.1
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
- affected < 9.27-23.28.1fixed 9.27-23.28.1
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d
- affected < 9.26a-23.22.1fixed 9.26a-23.22.1
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- affected < 9.27-23.28.1fixed 9.27-23.28.1
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- affected < 9.26a-23.19.1fixed 9.26a-23.19.1
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
- affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
- affected < 9.25-23.13.1fixed 9.25-23.13.1
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
- affected < 9.25-23.13.1fixed 9.25-23.13.1
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to
Page 1 of 3