VYPR

rpm package

suse/libspectre&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Vulnerabilities (11)

  • CVE-2021-3781CriFeb 16, 2022
    affected < 0.2.7-12.12.1fixed 0.2.7-12.12.1

    A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript in

  • CVE-2020-12268CriApr 27, 2020
    affected < 0.2.7-12.10.1fixed 0.2.7-12.10.1

    jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.

  • CVE-2019-6116HigMar 21, 2019
    affected < 0.2.7-12.6.1fixed 0.2.7-12.6.1

    In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

  • CVE-2018-19477HigNov 23, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.

  • CVE-2018-19476HigNov 23, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

  • CVE-2018-19475HigNov 23, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.

  • CVE-2018-19409CriNov 21, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

  • CVE-2018-18284HigOct 19, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

  • CVE-2018-18073MedOct 15, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object.

  • CVE-2018-17961HigOct 15, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

  • CVE-2018-17183HigSep 19, 2018
    affected < 0.2.7-12.4.1fixed 0.2.7-12.4.1

    Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code.