Page 7 of 221 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. • https://bugs.ghostscript.com/attachment.cgi?id=22323 https://bugs.ghostscript.com/show_bug.cgi?id=705156 https://vuldb.com/?id.197290 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. Se ha detectado que Artifex MuJS versión v1.1.3, contiene un desbordamiento del búfer de la pila que es causado por el conflicto de JumpList de declaraciones try/finally anidadas • https://bugs.ghostscript.com/show_bug.cgi?id=704749 https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 hasta 9.53.3, presenta un uso de memoria previamente liberada en la función sampled_data_sample (llamado desde sampled_data_continue e interp). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30715 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=7861fcad13c497728189feafb41cd57b5b50ea25 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml https://github.com/google/oss-fuzz-vulns/issues/16 https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html https://www.debian.org/security/2022/dsa-5038 • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). Ghostscript GhostPDL versiones 9.50 a 9.54.0, presenta un desbordamiento de búfer en la región heap de la memoria en la función sampled_data_finish (llamado desde sampled_data_continue e interp). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=2a3129365d3bc0d4a41f107ef175920d1505d1f7 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml https://lists.debian.org/debian-lts-announce/2022/01/msg00006.html https://www.debian.org/security/2022/dsa-5038 • CWE-787: Out-of-bounds Write •

CVSS: 9.9EPSS: 0%CPEs: 5EXPL: 0

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de escape trivial del sandbox (habilitado con la opción "-dSAFER") en el intérprete de ghostscript al inyectar un comando de tubería especialmente diseñado. Este fallo permite que un documento especialmente diseñado ejecute comandos arbitrarios en el sistema en el contexto del intérprete ghostscript. • https://bugzilla.redhat.com/show_bug.cgi?id=2002271 https://ghostscript.com/CVE-2021-3781.html https://security.gentoo.org/glsa/202211-11 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •