CVE-2020-16287 – ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS
https://notcve.org/view.php?id=CVE-2020-16287
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. Una vulnerabilidad de desbordamiento del búfer en la función lprn_is_black() en el archivo contrib/lips4/gdevlprn.c de Artifex Software GhostScript versión v9.50, permite a un atacante remoto causar una denegación de servicio por medio de un archivo PDF diseñado. Esto es corregido en la versión v9.51 • https://bugs.ghostscript.com/show_bug.cgi?id=701785 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=450da26a76286a8342ec0864b3d113856709f8f6 https://lists.debian.org/debian-lts-announce/2020/08/msg00032.html https://security.gentoo.org/glsa/202008-20 https://usn.ubuntu.com/4469-1 https://www.debian.org/security/2020/dsa-4748 https://access.redhat.com/security/cve/CVE-2020-16287 https://bugzilla.redhat.com/show_bug.cgi?id=1870242 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2020-15900
https://notcve.org/view.php?id=CVE-2020-15900
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. Se encontró un problema de corrupción de memoria en Artifex Ghostscript versiones 9.50 y 9.52. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=log http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00006.html https://artifex.com/security-advisories/CVE-2020-15900 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commit/5d499272b95a6b890a1397e11d20937de000d31b https://github.com/ArtifexSoftware/ghostpdl/commits/master/psi/zstring.c https: • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVE-2019-14869 – ghostscript: -dSAFER escape in .charkeys (701841)
https://notcve.org/view.php?id=CVE-2019-14869
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. Se detectó un fallo en todas las versiones de ghostscript 9.x en versiones anteriores a la 9.50, donde el procedimiento ".charkeys", donde no aseguraba apropiadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones "-dSAFER". Un atacante podría abusar de este fallo mediante la creación de un archivo PostScript especialmente diseñado que podría aumentar los privilegios dentro de Ghostscript y acceder a archivos fuera de áreas restringidas o ejecutar comandos. A flaw was found in the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://jvn.jp/en/jp/JVN52486659/index.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html http://www.openwall.com/lists/oss-security/2019/11/15/1 https://access.redhat.com/errata/RHSA-2020:0222 https://bugs.ghostscript.com/show_bug.cgi?id=701841 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=48590477 • CWE-648: Incorrect Use of Privileged APIs CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-14813 – ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443)
https://notcve.org/view.php?id=CVE-2019-14813
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detectó un fallo en ghostscript, versiones 9.x versiones anteriores a la 9.50, en el procedimiento setsystemparams donde no aseguraba apropiadamente sus llamadas privilegiadas, permitiendo a los scripts omitir las restricciones "-dSAFER". Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y entonces tener acceso al sistema de archivos o ejecutar comandos arbitrarios. A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=885444fcbe10dc42787ecb76686c8ee4dd33bf33 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2594 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html https://lists.fedoraproject.o • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •
CVE-2019-14817 – ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450)
https://notcve.org/view.php?id=CVE-2019-14817
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Se detecto un error en ghostscript en versiones anteriores a la 9.50, en el .pdfexectoken y en otros procedimientos en los que no aseguraba adecuadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios. A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=cd1b1cacadac2479e291efe611979bdc1b3bdb19 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2594 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14817 https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html https://lists.fedoraproject.o • CWE-648: Incorrect Use of Privileged APIs CWE-863: Incorrect Authorization •