39 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. Se descubrió un problema en la función gdev_prn_open_printer_seekable() en Artifex Ghostscript hasta la versión 10.02.0 que permite a atacantes remotos bloquear la aplicación mediante un puntero colgante. • https://bugs.ghostscript.com/show_bug.cgi?id=707264 https://ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=dcdbc595c13c9d11d235702dff46bb74c80f7698 https://www.debian.org/security/2023/dsa-5578 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecución remota de código a través de documentos PostScript manipulados porque pueden cambiar al dispositivo IJS, o cambiar el parámetro IjsServer, después de que se haya activado SAFER. NOTA: es un riesgo documentado que el servidor IJS se pueda especificar en una línea de comandos gs (el dispositivo IJS debe ejecutar inherentemente un comando para iniciar el servidor IJS). A vulnerability was found in Artifex Ghostscript in gdevijs.c, allows a malicious remote attacker to perform remote code execution via crafted PostScript documents. • https://github.com/jostaub/ghostscript-CVE-2023-43115 https://bugs.ghostscript.com/show_bug.cgi?id=707051 https://ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5 https://access.redhat.com/security/cve/CVE-2023-43115 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. • https://access.redhat.com/errata/RHSA-2023:7053 https://access.redhat.com/security/cve/CVE-2023-4042 https://bugzilla.redhat.com/show_bug.cgi?id=1870257 https://bugzilla.redhat.com/show_bug.cgi?id=2228151 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. • https://bugs.ghostscript.com/show_bug.cgi?id=701846 https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. GhostScript is vulnerable to divide by zero issue in function eps_print_page in gdevepsn.c allows remote attacker to cause a denial of service via crafted PDF file. • https://bugs.ghostscript.com/show_bug.cgi?id=701843 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=4e713293de84b689c4ab358f3e110ea54aa81925 https://lists.debian.org/debian-lts-announce/2023/09/msg00029.html https://access.redhat.com/security/cve/CVE-2020-21710 https://bugzilla.redhat.com/show_bug.cgi?id=2235001 • CWE-369: Divide By Zero •