Advisories » MGASA-2018-0142

Updated ghostscript packages fix security vulnerability

Publication date: 25 Feb 2018
Modification date: 25 Feb 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2016-10317

Description

The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex
Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial
of service (heap-based buffer overflow and application crash) or possibly
have unspecified other impact via a crafted PostScript document
(CVE-2016-10317).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22590
• https://lists.opensuse.org/opensuse-updates/2018-02/msg00039.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10317

SRPMS

5/core

• ghostscript-9.22-1.2.mga5

6/core

• ghostscript-9.22-1.2.mga6