Updated ghostscript packages fix security vulnerabilities
Publication date: 29 Nov 2017Modification date: 29 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-6196 , CVE-2017-7948 , CVE-2017-8908 , CVE-2017-9216 , CVE-2017-9610 , CVE-2017-9618 , CVE-2017-9619 , CVE-2017-9620 , CVE-2017-9740
Description
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. (CVE-2017-6196) Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. (CVE-2017-7948) The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. (CVE-2017-8908) libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. (CVE-2017-9216) The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9610) The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9618) The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file. (CVE-2017-9619) The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. (CVE-2017-9620) The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. (CVE-2017-9740)
References
- https://bugs.mageia.org/show_bug.cgi?id=22052
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2QUCMGMEGU4TK3I5424ZFZYFJHEQRF4P/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6196
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7948
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8908
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9216
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9610
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9618
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9619
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9620
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9740
SRPMS
5/core
- ghostscript-9.22-1.mga5
6/core
- ghostscript-9.22-1.mga6