[3.2] ghostscript: Multiple vulnerabilities (CVE-2016-10217, CVE-2016-10218, CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291)
CVE-2016-10217: The pdf14_open function in base/gdevp14.c in
Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause
a denial of service
(use-after-free and application crash) via a crafted file that is
mishandled in the color management module.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10217
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
CVE-2016-10218: The pdf14_pop_transparency_group function in
base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc.
Ghostscript 9.20
allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10218
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
CVE-2016-10219: The intersect function in base/gxfill.c in Artifex
Software, Inc. Ghostscript 9.20 allows remote attackers to cause a
denial of service (divide-by-zero error and application crash) via a
crafted file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10219
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
CVE-2016-10220: The gs_makewordimagedevice function in
base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote
attackers
to cause a denial of service (NULL pointer dereference and application
crash) via a crafted file that is mishandled in the PDF Transparency
module.
References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10220
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
CVE-2017-5951: The mem_get_bits_rectangle function in
base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20
allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted file.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5951
Patch:
CVE-2017-7207: The mem_get_bits_rectangle function in Artifex
Software, Inc. Ghostscript 9.20 allows remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted PostScript document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-7207
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091
CVE-2017-8291: Artifex Ghostscript through 2017-04-26 allows -dSAFER
bypass and remote command execution via .
rsdparams type confusion with a “/OutputFile (pipe” substring in a
crafted .eps document that is an input to the gs program, as exploited
in the wild in April 2017.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8291
Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce1
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac
(from redmine: issue id 7313, created on 2017-05-22, closed on 2017-05-30)
- Relations:
- parent #7309 (closed)
- Changesets:
- Revision 84d9d1ac on 2017-05-30T13:38:46Z:
main/ghostscript: security upgrade (CVE-2017-5951, CVE-2017-7207, CVE-2017-8291). Fixes #7313