Page 22 of 221 results (0.007 seconds)

CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. Artifex Ghostscript en versiones anteriores a la 9.25 permitía una tabla de excepción de error que puede escribir el usuario. Esta tabla podía ser usada por los atacantes remotos capaces de proporcionar PostScript manipulados para poder sobrescribir o reemplazar manipuladores de errores para inyectar código. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=fb713b3818b52d8a6cf62c951eba2e1795ff9624 https://access.redhat.com/errata/RHSA-2018:3834 https://bugs.ghostscript.com/show_bug.cgi?id=699708 https://lists.debian.org/debian-lts-announce/2018/09/msg00038.html https://usn.ubuntu.com/3773-1 https://access.redhat.com/security/cve/CVE-2018-17183 https://bugzilla.redhat.com/show_bug.cgi?id=1632471 • CWE-460: Improper Cleanup on Thrown Exception •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509. Se ha descubierto un problema en versiones anteriores a la 9.25 de Artifex Ghostscript. La comprobación incorrecta de "restoration of privilege" al quedarse sin pila durante el manejo de excepciones podría ser empleada por atacantes que sean capaces de proporcionar PostScript manipulado para ejecutar código mediante la instrucción "pipe". • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=3e5d316b72e3965b7968bb1d96baa137cd063ac6 http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=643b24dbd002fb9c131313253c307cf3951b3d47 https://access.redhat.com/errata/RHSA-2018:3834 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5812b1b78fc4d36fdc293b7859de69241140d590 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://seclists.org/oss-sec/2018/q3/228 https://seclists.org/oss-sec/2018/q3/229 https://security • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. La función fz_append_byte en fitz/buffer.c en Artifex MuPDF 1.13.0 permite que atacantes remotos provoquen una denegación de servicio (fallo de segmentación) mediante un archivo pdf manipulado. Esto se ha provocado por un subdesbordamiento de índice de arrays pdf_dev_alpha en pdf/pdf-device.c. • https://bugs.ghostscript.com/show_bug.cgi?id=699685 https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=38f883fe129a5e89306252a4676eaaf4bc968824 • CWE-129: Improper Validation of Array Index •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. La función pdf_get_xref_entry en pdf/pdf-xref.c en Artifex MuPDF 1.13.0 permite que atacantes remotos provoquen una denegación de servicio (fallo de segmentación en fz_write_data en fitz/output.c) mediante un archivo pdf manipulado. • https://bugs.ghostscript.com/show_bug.cgi?id=699686 https://lists.debian.org/debian-lts-announce/2020/07/msg00019.html https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=351c99d8ce23bbf7099dbd52771a095f67e45a2c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193) ** EN DISPUTA ** Se ha descubierto un problema en versiones anteriores a la 9.24 de Artifex Ghostscript. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=1497d65039885a52b598b137dd8622bd4672f9be http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=971472c83a345a16dac9f90f91258bb22dd77f22 https://bugzilla.redhat.com/show_bug.cgi?id=1626193 https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html https://seclists.org/oss-sec/2018/q3/182 https://security.gentoo.org/glsa/201811-12 https://usn.ubuntu.com/3768-1 https://www.debian.org/security/2018/dsa-4288 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •