FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-22 14:49:56 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
25872b25-da2d-11ed-b715-a1e76793953b	ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter cve@mitre.org reports: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. Discovery 2023-03-23 Entry 2023-04-13 Modified 2023-04-28 ghostscript < 10.01.1 ghostscript7-base < 10.01.1 ghostscript7-commfont < 10.01.1 ghostscript7-jpnfont < 10.01.1 ghostscript7-korfont < 10.01.1 ghostscript7-x11 < 10.01.1 ghostscript8-base < 10.01.1 ghostscript8-x11 < 10.01.1 ghostscript9-agpl-base < 9.56.1_10 CVE-2023-28879 https://nvd.nist.gov/vuln/detail/CVE-2023-28879 https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript
fc1f6658-4f53-11e5-934b-002590263bf5	ghostscript -- denial of service (crash) via crafted Postscript files MITRE reports: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. Discovery 2015-06-17 Entry 2015-09-01 Modified 2015-09-02 ghostscript7 ghostscript7-nox11 ghostscript7-base ghostscript7-x11 < 7.07_32 ghostscript8 ghostscript8-nox11 ghostscript8-base ghostscript8-x11 < 8.71_19 ghostscript9 ghostscript9-nox11 ghostscript9-base ghostscript9-x11 < 9.06_11 ghostscript9-agpl ghostscript9-agpl-nox11 < 9.15_2 ghostscript9-agpl-base ghostscript9-agpl-x11 < 9.16_2 CVE-2015-3228 http://bugs.ghostscript.com/show_bug.cgi?id=696041 http://bugs.ghostscript.com/show_bug.cgi?id=696070 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

VuXML ID

Description

25872b25-da2d-11ed-b715-a1e76793953b

ghostscript -- exploitable buffer overflow in (T)BCP in PS interpreter

cve@mitre.org reports:

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.

Discovery 2023-03-23
Entry 2023-04-13
Modified 2023-04-28
ghostscript

< 10.01.1

ghostscript7-base

< 10.01.1

ghostscript7-commfont

< 10.01.1

ghostscript7-jpnfont

< 10.01.1

ghostscript7-korfont

< 10.01.1

ghostscript7-x11

< 10.01.1

ghostscript8-base

< 10.01.1

ghostscript8-x11

< 10.01.1

ghostscript9-agpl-base

< 9.56.1_10

CVE-2023-28879
https://nvd.nist.gov/vuln/detail/CVE-2023-28879
https://artifex.com/news/critical-security-vulnerability-fixed-in-ghostscript

fc1f6658-4f53-11e5-934b-002590263bf5

ghostscript -- denial of service (crash) via crafted Postscript files

MITRE reports:

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

Discovery 2015-06-17
Entry 2015-09-01
Modified 2015-09-02
ghostscript7
ghostscript7-nox11
ghostscript7-base
ghostscript7-x11

< 7.07_32

ghostscript8
ghostscript8-nox11
ghostscript8-base
ghostscript8-x11

< 8.71_19

ghostscript9
ghostscript9-nox11
ghostscript9-base
ghostscript9-x11

< 9.06_11

ghostscript9-agpl
ghostscript9-agpl-nox11

< 9.15_2

ghostscript9-agpl-base
ghostscript9-agpl-x11

< 9.16_2

CVE-2015-3228
http://bugs.ghostscript.com/show_bug.cgi?id=696041
http://bugs.ghostscript.com/show_bug.cgi?id=696070
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859