FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-17 01:42:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
22ae307a-1ac4-11ea-b267-001cc0382b2f	Ghostscript -- Security bypass vulnerabilities Cedric Buissart (Red Hat) reports: A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. Discovery 2019-08-20 Entry 2019-12-09 ghostscript9-agpl-base ghostscript9-agpl-x11 < 9.50 CVE-2019-14811 CVE-2019-14812 CVE-2019-14813 CVE-2019-14817
25872b25-da2d-11ed-b715-a1e76793953b	ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter cve@mitre.org reports: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. Discovery 2023-03-23 Entry 2023-04-13 Modified 2023-04-28 ghostscript < 10.01.1 ghostscript7-base < 10.01.1 ghostscript7-commfont < 10.01.1 ghostscript7-jpnfont < 10.01.1 ghostscript7-korfont < 10.01.1 ghostscript7-x11 < 10.01.1 ghostscript8-base < 10.01.1 ghostscript8-x11 < 10.01.1 ghostscript9-agpl-base < 9.56.1_10 CVE-2023-28879 https://nvd.nist.gov/vuln/detail/CVE-2023-28879 https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript

VuXML ID

Description

22ae307a-1ac4-11ea-b267-001cc0382b2f

Ghostscript -- Security bypass vulnerabilities

Cedric Buissart (Red Hat) reports:

Discovery 2019-08-20
Entry 2019-12-09
ghostscript9-agpl-base
ghostscript9-agpl-x11

CVE-2019-14811
CVE-2019-14812
CVE-2019-14813
CVE-2019-14817

25872b25-da2d-11ed-b715-a1e76793953b

ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter

cve@mitre.org reports:

Discovery 2023-03-23
Entry 2023-04-13
Modified 2023-04-28
ghostscript

ghostscript7-base

ghostscript7-commfont

ghostscript7-jpnfont

ghostscript7-korfont

ghostscript7-x11

ghostscript8-base

ghostscript8-x11

ghostscript9-agpl-base

CVE-2023-28879
https://nvd.nist.gov/vuln/detail/CVE-2023-28879
https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript