rpm package
suse/ghostscript&distro=SUSE Enterprise Storage 4
pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%204
Vulnerabilities (32)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-14812 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Nov 27, 2019 | A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | ||
| CVE-2019-14813 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 6, 2019 | A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav | ||
| CVE-2019-14817 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t | ||
| CVE-2019-14811 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Sep 3, 2019 | A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then | ||
| CVE-2019-12973 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Jun 26, 2019 | In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616. | ||
| CVE-2019-3839 | — | < 9.27-23.28.1 | 9.27-23.28.1 | May 16, 2019 | It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d | ||
| CVE-2019-3835 | — | < 9.27-23.28.1 | 9.27-23.28.1 | Mar 25, 2019 | It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | ||
| CVE-2019-3838 | — | < 9.26a-23.22.1 | 9.26a-23.22.1 | Mar 25, 2019 | It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. | ||
| CVE-2019-6116 | — | < 9.26a-23.19.1 | 9.26a-23.19.1 | Mar 19, 2019 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | ||
| CVE-2018-19477 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | ||
| CVE-2018-19476 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | ||
| CVE-2018-19475 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 23, 2018 | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | ||
| CVE-2018-19409 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Nov 21, 2018 | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | ||
| CVE-2018-18284 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 19, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | ||
| CVE-2018-18073 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | ||
| CVE-2018-17961 | — | < 9.26-23.16.1 | 9.26-23.16.1 | Oct 15, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | ||
| CVE-2018-17183 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 19, 2018 | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. | ||
| CVE-2018-16802 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 10, 2018 | An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to | ||
| CVE-2018-16585 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 6, 2018 | An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to s | ||
| CVE-2018-16543 | — | < 9.25-23.13.1 | 9.25-23.13.1 | Sep 5, 2018 | In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact. |
- CVE-2019-14812Nov 27, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- CVE-2019-14813Sep 6, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then hav
- CVE-2019-14817Sep 3, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and t
- CVE-2019-14811Sep 3, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then
- CVE-2019-12973Jun 26, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to CVE-2018-6616.
- CVE-2019-3839May 16, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -d
- CVE-2019-3835Mar 25, 2019affected < 9.27-23.28.1fixed 9.27-23.28.1
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- CVE-2019-3838Mar 25, 2019affected < 9.26a-23.22.1fixed 9.26a-23.22.1
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
- CVE-2019-6116Mar 19, 2019affected < 9.26a-23.19.1fixed 9.26a-23.19.1
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
- CVE-2018-19477Nov 23, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
- CVE-2018-19476Nov 23, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
- CVE-2018-19475Nov 23, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
- CVE-2018-19409Nov 21, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
- CVE-2018-18284Oct 19, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
- CVE-2018-18073Oct 15, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
- CVE-2018-17961Oct 15, 2018affected < 9.26-23.16.1fixed 9.26-23.16.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
- CVE-2018-17183Sep 19, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.
- CVE-2018-16802Sep 10, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to
- CVE-2018-16585Sep 6, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to s
- CVE-2018-16543Sep 5, 2018affected < 9.25-23.13.1fixed 9.25-23.13.1
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
Page 1 of 2