9 results (0.012 seconds)

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). Artifex Ghostscript anterior a 9.53.0 tiene una escritura y un use-after-free fuera de los límites en devices/vector/gdevtxtw.c (para txtwrite) porque un código de un solo carácter en un documento PDF se puede asignar a más de un punto de código Unicode. (por ejemplo, para una ligadura). • https://bugs.ghostscript.com/show_bug.cgi?id=702229 https://bugzilla.opensuse.org/show_bug.cgi?id=1177922 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874 https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. Se descubrió un problema en la función gdev_prn_open_printer_seekable() en Artifex Ghostscript hasta la versión 10.02.0 que permite a atacantes remotos bloquear la aplicación mediante un puntero colgante. • https://bugs.ghostscript.com/show_bug.cgi?id=707264 https://ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=dcdbc595c13c9d11d235702dff46bb74c80f7698 https://www.debian.org/security/2023/dsa-5578 • CWE-416: Use After Free •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). En Artifex Ghostscript hasta 10.01.2, gdevijs.c en GhostPDL puede conducir a la ejecución remota de código a través de documentos PostScript manipulados porque pueden cambiar al dispositivo IJS, o cambiar el parámetro IjsServer, después de que se haya activado SAFER. NOTA: es un riesgo documentado que el servidor IJS se pueda especificar en una línea de comandos gs (el dispositivo IJS debe ejecutar inherentemente un comando para iniciar el servidor IJS). A vulnerability was found in Artifex Ghostscript in gdevijs.c, allows a malicious remote attacker to perform remote code execution via crafted PostScript documents. • https://github.com/jostaub/ghostscript-CVE-2023-43115 https://bugs.ghostscript.com/show_bug.cgi?id=707051 https://ghostscript.com https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=e59216049cac290fb437a04c4f41ea46826cfba5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5 https://access.redhat.com/security/cve/CVE-2023-43115 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Se ha encontrado un fallo de desbordamiento de búfer en base/gdevdevn.c:1973 en devn_pcx_write_rle() en ghostscript. Este problema puede permitir a un atacante local provocar una denegación de servicio mediante la salida de un archivo PDF manipulado para un dispositivo DEVN con gs. • https://access.redhat.com/errata/RHSA-2023:6544 https://access.redhat.com/errata/RHSA-2023:7053 https://access.redhat.com/security/cve/CVE-2023-38559 https://bugs.ghostscript.com/show_bug.cgi?id=706897 https://bugzilla.redhat.com/show_bug.cgi?id=2224367 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 3

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Artifex Ghostscript a través de 10.01.2 maneja mal la validación de permisos para dispositivos pipe (con el prefijo %pipe% o el prefijo | pipe character). A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). • https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection https://github.com/jeanchpt/CVE-2023-36664 https://github.com/churamanib/CVE-2023-36664-Ghostscript-command-injection https://bugs.ghostscript.com/show_bug.cgi?id=706761 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •