VYPR

rpm package

suse/ghostscript-library&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (4)

  • CVE-2016-7979CriMay 23, 2017
    affected < 8.62-32.38.1fixed 8.62-32.38.1

    Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.

  • CVE-2016-7977MedMay 23, 2017
    affected < 8.62-32.38.1fixed 8.62-32.38.1

    Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

  • CVE-2013-5653MedMar 7, 2017
    affected < 8.62-32.38.1fixed 8.62-32.38.1

    The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

  • CVE-2015-3228Aug 11, 2015
    affected < 8.62-32.38.1fixed 8.62-32.38.1

    Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds re