rpm package
suse/libspectre&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3781 | — | < 0.2.7-12.12.1 | 0.2.7-12.12.1 | Feb 16, 2022 | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript in | ||
| CVE-2020-12268 | — | < 0.2.7-12.10.1 | 0.2.7-12.10.1 | Apr 27, 2020 | jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | ||
| CVE-2019-6116 | — | < 0.2.7-12.6.1 | 0.2.7-12.6.1 | Mar 19, 2019 | In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. | ||
| CVE-2018-19477 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Nov 23, 2018 | psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. | ||
| CVE-2018-19476 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Nov 23, 2018 | psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. | ||
| CVE-2018-19475 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Nov 23, 2018 | psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. | ||
| CVE-2018-19409 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Nov 21, 2018 | An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. | ||
| CVE-2018-18284 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Oct 19, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. | ||
| CVE-2018-18073 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Oct 15, 2018 | Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | ||
| CVE-2018-17961 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Oct 15, 2018 | Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. | ||
| CVE-2018-17183 | — | < 0.2.7-12.4.1 | 0.2.7-12.4.1 | Sep 19, 2018 | Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. |
- CVE-2021-3781Feb 16, 2022affected < 0.2.7-12.12.1fixed 0.2.7-12.12.1
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript in
- CVE-2020-12268Apr 27, 2020affected < 0.2.7-12.10.1fixed 0.2.7-12.10.1
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
- CVE-2019-6116Mar 19, 2019affected < 0.2.7-12.6.1fixed 0.2.7-12.6.1
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
- CVE-2018-19477Nov 23, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
- CVE-2018-19476Nov 23, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
- CVE-2018-19475Nov 23, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
- CVE-2018-19409Nov 21, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.
- CVE-2018-18284Oct 19, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.
- CVE-2018-18073Oct 15, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.
- CVE-2018-17961Oct 15, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
- CVE-2018-17183Sep 19, 2018affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.