[3.7] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)
CVE-2018-10194: The set_text_distance function in
devices/vector/gdevpdts.c in the pdfwrite component in Artifex
Ghostscript
through 9.22 does not prevent overflows in text-positioning calculation,
which allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted PDF document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
http://www.openwall.com/lists/oss-security/2018/04/19/5
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers are able to supply malicious
PostScript files to bypass .tempfile restrictions and write files.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15908
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a
type confusion using the .shfill operator could be used by
attackers able to supply crafted PostScript files to crash the
interpreter or potentially execute code.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15909
Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
CVE-2018-15910: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers able to supply crafted PostScript files
could use a type confusion in the LockDistillerParams parameter to crash
the interpreter or execute code.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15910
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24,
attackers able to supply crafted PostScript could use uninitialized
memory access in the aesdecode operator to crash the interpreter or
potentially execute code.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15911
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
(from redmine: issue id 9384, created on 2018-09-04, closed on 2018-09-20)
- Relations:
- parent #9381 (closed)
- Changesets:
- Revision 0c81d393 by Andy Postnikov on 2018-09-20T08:02:07Z:
main/ghostscript: security upgrade to 9.24
CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911
CVE-2018-10194
fixes #9384
(cherry picked from commit c13758613f3110e14c2e9eda818406f235d996c1)