http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15

DSA-3986

99987

https://bugs.ghostscript.com/show_bug.cgi?id=698063

GLSA-201811-12

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The PS Interpreter in Ghostscript 9.18 and 9.20 allows     remote attackers to execute arbitrary code via crafted     userparams.(CVE-2016-7976)

  - ghostscript before version 9.21 is vulnerable to a heap     based buffer overflow that was found in the ghostscript     jbig2_decode_gray_scale_image function which is used to     decode halftone segments in a JBIG2 image. A document     (PostScript or PDF) with an embedded, specially     crafted, jbig2 image could trigger a segmentation fault     in ghostscript.(CVE-2016-9601)

  - Artifex jbig2dec 0.13 allows out-of-bounds writes and     reads because of an integer overflow in the     jbig2_image_compose function in jbig2_image.c during     operations on a crafted .jb2 file, leading to a denial     of service (application crash) or disclosure of     sensitive information from process     memory.(CVE-2017-7976)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - libjbig2dec.a in Artifex jbig2dec 0.13, as used in     MuPDF and Ghostscript, has a NULL pointer dereference     in the jbig2_huffman_get function in jbig2_huffman.c.
    For example, the jbig2dec utility will crash     (segmentation fault) when parsing an invalid     file.(CVE-2017-9216)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - Ghostscript is a set of software that provides a     PostScriptinterpreter, a set of C procedures (the     Ghostscript library, whichimplements the graphics     capabilities in the PostScript language) andan     interpreter for Portable Document Format (PDF) files.
    Ghostscripttranslates PostScript code into many common,     bitmapped formats, likethose understood by your printer     or screen. Ghostscript is normallyused to display     PostScript files and to print PostScript files     tonon-PostScript printers.If you need to display     PostScript files or print them tonon-PostScript     printers, you should install ghostscript. If youinstall     ghostscript, you also need to install the     ghostscript-fontspackage.Security Fix(es):The Ins_MDRP     function in base/ttinterp.c in Artifex Ghostscript     GhostXPS 9.21 allows remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document.(CVE-2017-9726)The gx_ttfReader__Read     function in base/gxttfb.c in Artifex Ghostscript     GhostXPS 9.21 allows remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document.(CVE-2017-9727)The Ins_JMPR function     in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21     allows remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document.(CVE-2017-9739)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer

  - dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Artifex jbig2dec 0.13 allows out-of-bounds writes and     reads because of an integer overflow in the     jbig2_image_compose function in jbig2_image.c during     operations on a crafted .jb2 file, leading to a denial     of service (application crash) or disclosure of     sensitive information from process     memory.(CVE-2017-7976)

  - psi/zfile.c in Artifex Ghostscript before 9.21rc1     permits the status command even if -dSAFER is used,     which might allow remote attackers to determine the     existence and size of arbitrary files, a similar issue     to CVE-2016-7977.(CVE-2018-11645)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The PS Interpreter in Ghostscript 9.18 and 9.20 allows     remote attackers to execute arbitrary code via crafted     userparams.(CVE-2016-7976)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - This vulnerability has been modified since it was last     analyzed by the NVD. It is awaiting reanalysis which     may result in further changes to the information     provided.(CVE-2016-10219)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A Division by Zero vulnerability in bj10v_print_page()     in contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16299)

  - A buffer overflow vulnerability in     pj_common_print_page() in devices/gdevpjet.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16288)

  - A buffer overflow vulnerability in cif_print_page() in     devices/gdevcif.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16289)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16290)

  - A buffer overflow vulnerability in mj_raster_cmd() in     contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16292)

  - A buffer overflow vulnerability in epsc_print_page() in     devices/gdevepsc.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16294)

  - A null pointer dereference vulnerability in     clj_media_size() in devices/gdevclj.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16295)

  - A buffer overflow vulnerability in GetNumWrongData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16296)

  - A buffer overflow vulnerability in     FloydSteinbergDitheringC() in contrib/gdevbjca.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16297)

  - A buffer overflow vulnerability in mj_color_correct()     in contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16298)

  - A buffer overflow vulnerability in tiff12_print_page()     in devices/gdevtfnx.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16300)

  - A buffer overflow vulnerability in okiibm_print_page1()     in devices/gdevokii.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16301)

  - A buffer overflow vulnerability in GetNumSameData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-17538)

  - A buffer overflow vulnerability in pcx_write_rle() in     contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16305)

  - A buffer overflow vulnerability in p_print_image() in     devices/gdevcdj.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16308)

  - A buffer overflow vulnerability in     lxm5700m_print_page() in devices/gdevlxm.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted eps file.
    (CVE-2020-16309)

  - A division by zero vulnerability in dot24_print_page()     in devices/gdevdm24.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16310)

  - A buffer overflow vulnerability in lprn_is_black() in     contrib/lips4/gdevlprn.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16287)

  - A buffer overflow vulnerability in contrib/gdevdj9.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16291)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     escalate privileges via a crafted PDF file.
    (CVE-2020-16302)

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201811-12 (GPL Ghostscript: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in GPL Ghostscript. Please       review the CVE identifiers referenced below for additional information.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted PostScript file or PDF document using GPL Ghostscript possibly       resulting in the execution of arbitrary code with the privileges of the       process, a Denial of Service condition, or other unspecified impacts,   Workaround :

    There is no known workaround at this time.

This update for ghostscript-library fixes several issues. These security issues were fixed :

  - CVE-2017-7207: The mem_get_bits_rectangle function     allowed remote attackers to cause a denial of service     (NULL pointer dereference) via a crafted PostScript     document (bsc#1030263).

  - CVE-2016-9601: Prevent heap-buffer overflow by checking     for an integer overflow in jbig2_image_new function     (bsc#1018128).

  - CVE-2017-9612: The Ins_IP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (use-after-free and application crash) or possibly have     unspecified other impact via a crafted document     (bsc#1050891)

  - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050889)

  - CVE-2017-9727: The gx_ttfReader__Read function in     base/gxttfb.c allowed remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document (bsc#1050888)

  - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050887)

  - CVE-2017-11714: psi/ztoken.c mishandled references to     the scanner state structure, which allowed remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted PostScript document, related to an out-of-bounds     read in the igc_reloc_struct_ptr function in psi/igc.c     (bsc#1051184)

  - CVE-2017-9835: The gs_alloc_ref_array function allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     PostScript document (bsc#1050879)

  - CVE-2016-10219: The intersect function in base/gxfill.c     allowed remote attackers to cause a denial of service     (divide-by-zero error and application crash) via a     crafted file (bsc#1032138)

  - CVE-2017-9216: Prevent NULL pointer dereference in the     jbig2_huffman_get function in jbig2_huffman.c which     allowed for DoS (bsc#1040643)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ghostscript fixes several issues. These security issues were fixed :

  - CVE-2017-9835: The gs_alloc_ref_array function allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     PostScript document (bsc#1050879).

  - CVE-2017-9216: Prevent NULL pointer dereference in the     jbig2_huffman_get function in jbig2_huffman.c which     allowed for DoS (bsc#1040643).

  - CVE-2016-10317: The fill_threshhold_buffer function in     base/gxht_thresh.c allowed remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript document (bsc#1032230).

  - CVE-2017-9612: The Ins_IP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (use-after-free and application crash) or possibly have     unspecified other impact via a crafted document     (bsc#1050891).

  - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050889).

  - CVE-2017-9727: The gx_ttfReader__Read function in     base/gxttfb.c allowed remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document (bsc#1050888).

  - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050887).

  - CVE-2017-11714: psi/ztoken.c mishandled references to     the scanner state structure, which allowed remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted PostScript document, related to an out-of-bounds     read in the igc_reloc_struct_ptr function in psi/igc.c     (bsc#1051184).

  - CVE-2016-10219: The intersect function in base/gxfill.c     allowed remote attackers to cause a denial of service     (divide-by-zero error and application crash) via a     crafted file (bsc#1032138).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ghostscript fixes several security issues :

  - CVE-2017-9835: The gs_alloc_ref_array function allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     PostScript document (bsc#1050879).

  - CVE-2017-9216: Prevent NULL pointer dereference in the     jbig2_huffman_get function in jbig2_huffman.c which     allowed for DoS (bsc#1040643).

  - CVE-2016-10317: The fill_threshhold_buffer function in     base/gxht_thresh.c allowed remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript document (bsc#1032230).

  - CVE-2017-9612: The Ins_IP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (use-after-free and application crash) or possibly have     unspecified other impact via a crafted document     (bsc#1050891).

  - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050889).

  - CVE-2017-9727: The gx_ttfReader__Read function in     base/gxttfb.c allowed remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document (bsc#1050888).

  - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050887).

  - CVE-2017-11714: psi/ztoken.c mishandled references to     the scanner state structure, which allowed remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted PostScript document, related to an out-of-bounds     read in the igc_reloc_struct_ptr function in psi/igc.c     (bsc#1051184).

  - CVE-2016-10219: The intersect function in base/gxfill.c     allowed remote attackers to cause a denial of service     (divide-by-zero error and application crash) via a     crafted file (bsc#1032138).

This update was imported from the SUSE:SLE-12:Update update project.

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed.

Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service.
(CVE-2017-11714)

Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. (CVE-2017-9611, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739)

Kim Gwan Yeong discovered an use-after-free vulnerability in Ghostscript. A remote attacker could use a crafted file to cause a denial of service. (CVE-2017-9612)

Kim Gwan Yeong discovered a lack of integer overflow check in Ghostscript. A remote attacker could use crafted PostScript document to cause a denial of service. (CVE-2017-9835).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues were found in Ghostscript, the GPL PostScript/PDF interpreter, which allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

For Debian 7 'Wheezy', these problems have been fixed in version 9.05~dfsg-6.3+deb7u7.

We recommend that you upgrade your ghostscript packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
153342	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2021-2372)	Nessus	Huawei Local Security Checks	high
151895	EulerOS Virtualization 3.0.2.2 : ghostscript (EulerOS-SA-2021-2135)	Nessus	Huawei Local Security Checks	high
151342	EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2021-2089)	Nessus	Huawei Local Security Checks	high
149171	EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2021-1788)	Nessus	Huawei Local Security Checks	high
147428	EulerOS Virtualization 3.0.2.6 : ghostscript (EulerOS-SA-2021-1434)	Nessus	Huawei Local Security Checks	high
147424	EulerOS Virtualization 3.0.6.6 : ghostscript (EulerOS-SA-2021-1476)	Nessus	Huawei Local Security Checks	high
146154	EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2021-1193)	Nessus	Huawei Local Security Checks	high
119132	GLSA-201811-12 : GPL Ghostscript: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
109572	SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:1140-1)	Nessus	SuSE Local Security Checks	high
106745	SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:0407-1)	Nessus	SuSE Local Security Checks	high
106744	openSUSE Security Update : ghostscript (openSUSE-2018-157)	Nessus	SuSE Local Security Checks	high
103578	Debian DSA-3986-1 : ghostscript - security update	Nessus	Debian Local Security Checks	high
102815	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : ghostscript vulnerabilities (USN-3403-1)	Nessus	Ubuntu Local Security Checks	high
102096	Debian DLA-1048-1 : ghostscript security update	Nessus	Debian Local Security Checks	high

CVE-2017-9739

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high