Search CVE reports

101 – 110 of 217 results

Detailed view

Sort by:

CVE-2019-14812

Medium priority

Fixed

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted...

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	—	—	Fixed	Fixed

CVE-2019-14811

Medium priority

Fixed

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted...

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	—	—	Fixed	Fixed

CVE-2019-10216

Medium priority

Fixed

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted...

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	—	—	Fixed	Fixed

CVE-2019-12973

Low priority

Some fixes available 11 of 80

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...

9 affected packages

blender, emscripten, gdcm, ghostscript, insighttoolkit4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emscripten	Ignored	Ignored	Not in release	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not affected
openjpeg2	Fixed	Fixed	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-20843

Low priority

Some fixes available 21 of 108

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
vtk	Not in release	Not in release	Not in release	Not in release	Fixed
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2017-15652

Medium priority

Not affected

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that)....

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	—	—	Not affected	Not affected

CVE-2019-3839

Medium priority

Fixed

It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the...

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	—	—	Fixed	Fixed

CVE-2019-3838

Medium priority

Fixed

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system...

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	—	—	Fixed	Fixed

CVE-2019-3835

Medium priority

Fixed

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside...

1 affected packages

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	—	—	—	Fixed	Fixed

CVE-2019-6988

Low priority

Vulnerable

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c,...

3 affected packages

ghostscript, openjpeg, openjpeg2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ghostscript	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
openjpeg	Not in release	Not in release	Not in release	Not in release	Not affected
openjpeg2	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

Export to JSON

Results by page: