Advisories ยป MGASA-2017-0430

Updated ghostscript packages fix security vulnerabilities

Publication date: 29 Nov 2017
Modification date: 29 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6196 , CVE-2017-7948 , CVE-2017-8908 , CVE-2017-9216 , CVE-2017-9610 , CVE-2017-9618 , CVE-2017-9619 , CVE-2017-9620 , CVE-2017-9740

Description

Multiple use-after-free vulnerabilities in the gx_image_enum_begin
function in base/gxipixel.c in Ghostscript before
ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a crafted PostScript document. (CVE-2017-6196)

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
write and application crash) or possibly have unspecified other impact
via a crafted PostScript document. (CVE-2017-7948)

The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
read) via a crafted PostScript document. (CVE-2017-8908)

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get
function in jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.
(CVE-2017-9216)

The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) or possibly have
unspecified other impact via a crafted document. (CVE-2017-9610)

The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9618)

The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (Segmentation Violation and application crash) via a crafted
file. (CVE-2017-9619)

The xps_select_font_encoding function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document, related to the
xps_encode_font_char_imp function. (CVE-2017-9620)

The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document. (CVE-2017-9740)
                

References

SRPMS

5/core

6/core