{
  "schema_version": "1.7.0",
  "id": "MGASA-2020-0344",
  "published": "2020-08-25T08:13:25Z",
  "modified": "2020-08-25T07:40:02Z",
  "summary": "Updated ghostscript packages fix security vulnerabilities",
  "details": "The updated packages fix security vulnerabilities:\n\nA buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16287)\n\nA buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16288)\n\nA buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16289)\n\nA buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16290)\n\nA buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software\nGhostScript v9.50 allows a remote attacker to cause a denial of service via\na crafted PDF file. (CVE-2020-16291)\n\nA buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16292)\n\nA null pointer dereference vulnerability in\ncompose_group_nonknockout_nonblend_isolated_allmask_common()\nin base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote\nattacker to cause a denial of service via a crafted PDF file. (CVE-2020-16293)\n\nA buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16294)\n\nA null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16295)\n\nA buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16296)\n\nA buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16297)\n\nA buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16298)\n\nA Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16299)\n\nA buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16300)\n\nA buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16301)\n\nA buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to escalate\nprivileges via a crafted PDF file. (CVE-2020-16302)\n\nA use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c\nof Artifex Software GhostScript v9.50 allows a remote attacker\nto escalate privileges via a crafted PDF file. (CVE-2020-16303)\n\nA buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c\nof Artifex Software GhostScript v9.50 allows a remote attacker\nto escalate privileges via a crafted eps file. (CVE-2020-16304)\n\nA buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause \na denial of service via a crafted PDF file. (CVE-2020-16305)\n\nA null pointer dereference vulnerability in devices/gdevtsep.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted postscript file. (CVE-2020-16306)\n\nA null pointer dereference vulnerability in devices/vector/gdevtxtw.c\nand psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote \nattacker to cause a denial of service via a crafted postscript file.\n(CVE-2020-16307)\n\nA buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16308)\n\nA buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted eps file. (CVE-2020-16309)\n\nA division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c\nof Artifex Software GhostScript v9.50 allows a remote attacker to cause\na denial of service via a crafted PDF file. (CVE-2020-16310)\n\nA buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c \nof Artifex Software GhostScript v9.50 allows a remote attacker\nto cause a denial of service via a crafted PDF file. (CVE-2020-17538)\n",
  "upstream": [
    "CVE-2020-16287",
    "CVE-2020-16288",
    "CVE-2020-16289",
    "CVE-2020-16290",
    "CVE-2020-16291",
    "CVE-2020-16292",
    "CVE-2020-16293",
    "CVE-2020-16294",
    "CVE-2020-16295",
    "CVE-2020-16296",
    "CVE-2020-16297",
    "CVE-2020-16298",
    "CVE-2020-16299",
    "CVE-2020-16300",
    "CVE-2020-16301",
    "CVE-2020-16302",
    "CVE-2020-16303",
    "CVE-2020-16304",
    "CVE-2020-16305",
    "CVE-2020-16306",
    "CVE-2020-16307",
    "CVE-2020-16308",
    "CVE-2020-16309",
    "CVE-2020-16310",
    "CVE-2020-17538"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2020-0344.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=27169"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/lts/security/2020/dla-2335"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:7",
        "name": "ghostscript",
        "purl": "pkg:rpm/mageia/ghostscript?arch=source&distro=mageia-7"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.27-1.6.mga7"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}