http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066

DSA-3986

99991

https://bugs.ghostscript.com/show_bug.cgi?id=697985

GLSA-201811-12

According to the versions of the ghostscript package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer

  - dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - This vulnerability has been modified since it was last     analyzed by the NVD. It is awaiting reanalysis which     may result in further changes to the information     provided.(CVE-2016-10219)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A Division by Zero vulnerability in bj10v_print_page()     in contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16299)

  - A buffer overflow vulnerability in     pj_common_print_page() in devices/gdevpjet.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16288)

  - A buffer overflow vulnerability in cif_print_page() in     devices/gdevcif.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16289)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16290)

  - A buffer overflow vulnerability in mj_raster_cmd() in     contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16292)

  - A buffer overflow vulnerability in epsc_print_page() in     devices/gdevepsc.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16294)

  - A null pointer dereference vulnerability in     clj_media_size() in devices/gdevclj.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16295)

  - A buffer overflow vulnerability in GetNumWrongData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16296)

  - A buffer overflow vulnerability in     FloydSteinbergDitheringC() in contrib/gdevbjca.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16297)

  - A buffer overflow vulnerability in mj_color_correct()     in contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16298)

  - A buffer overflow vulnerability in tiff12_print_page()     in devices/gdevtfnx.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16300)

  - A buffer overflow vulnerability in okiibm_print_page1()     in devices/gdevokii.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16301)

  - A buffer overflow vulnerability in GetNumSameData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-17538)

  - A buffer overflow vulnerability in pcx_write_rle() in     contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16305)

  - A buffer overflow vulnerability in p_print_image() in     devices/gdevcdj.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16308)

  - A buffer overflow vulnerability in     lxm5700m_print_page() in devices/gdevlxm.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted eps file.
    (CVE-2020-16309)

  - A division by zero vulnerability in dot24_print_page()     in devices/gdevdm24.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16310)

  - A buffer overflow vulnerability in lprn_is_black() in     contrib/lips4/gdevlprn.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16287)

  - A buffer overflow vulnerability in contrib/gdevdj9.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16291)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     escalate privileges via a crafted PDF file.
    (CVE-2020-16302)

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The Ins_IP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (use-after-free and     application crash) or possibly have unspecified other     impact via a crafted document.(CVE-2017-9612)

  - The Ins_MDRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9726)

  - The gx_ttfReader__Read function in base/gxttfb.c in     Artifex Ghostscript GhostXPS 9.21 allows remote     attackers to cause a denial of service (heap-based     buffer over-read and application crash) or possibly     have unspecified other impact via a crafted     document.(CVE-2017-9727)

  - The Ins_JMPR function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9739)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Artifex jbig2dec 0.13 has a heap-based buffer over-read     leading to denial of service (application crash) or     disclosure of sensitive information from process     memory, because of an integer overflow in the     jbig2_decode_symbol_dict function in     jbig2_symbol_dict.c in libjbig2dec.a during operation     on a crafted .jb2 file.(CVE-2017-7885)

  - Artifex jbig2dec 0.13, as used in Ghostscript, allows     out-of-bounds writes because of an integer overflow in     the jbig2_build_huffman_table function in     jbig2_huffman.c during operations on a crafted JBIG2     file, leading to a denial of service (application     crash) or possibly execution of arbitrary     code.(CVE-2017-7975)

  - ghostscript before version 9.21 is vulnerable to a heap     based buffer overflow that was found in the ghostscript     jbig2_decode_gray_scale_image function which is used to     decode halftone segments in a JBIG2 image. A document     (PostScript or PDF) with an embedded, specially     crafted, jbig2 image could trigger a segmentation fault     in ghostscript.(CVE-2016-9601)

  - libjbig2dec.a in Artifex jbig2dec 0.13, as used in     MuPDF and Ghostscript, has a NULL pointer dereference     in the jbig2_huffman_get function in jbig2_huffman.c.
    For example, the jbig2dec utility will crash     (segmentation fault) when parsing an invalid     file.(CVE-2017-9216)

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In Artifex Ghostscript before 9.26, a carefully crafted     PDF file can trigger an extremely long running     computation when parsing the file.(CVE-2018-19478)

  - The gs_makewordimagedevice function in base/gsdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file that is mishandled in the PDF Transparency     module.(CVE-2016-10220)

  - Artifex jbig2dec 0.13 has a heap-based buffer over-read     leading to denial of service (application crash) or     disclosure of sensitive information from process     memory, because of an integer overflow in the     jbig2_decode_symbol_dict function in     jbig2_symbol_dict.c in libjbig2dec.a during operation     on a crafted .jb2 file.(CVE-2017-7885)

  - Artifex jbig2dec 0.13, as used in Ghostscript, allows     out-of-bounds writes because of an integer overflow in     the jbig2_build_huffman_table function in     jbig2_huffman.c during operations on a crafted JBIG2     file, leading to a denial of service (application     crash) or possibly execution of arbitrary     code.(CVE-2017-7975)

  - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles     references to the scanner state structure, which allows     remote attackers to cause a denial of service     (application crash) or possibly have unspecified other     impact via a crafted PostScript document, related to an     out-of-bounds read in the igc_reloc_struct_ptr function     in psi/igc.c.(CVE-2017-11714)

  - The gs_alloc_ref_array function in psi/ialloc.c in     Artifex Ghostscript 9.21 allows remote attackers to     cause a denial of service (heap-based buffer overflow     and application crash) or possibly have unspecified     other impact via a crafted PostScript document. This is     related to a lack of an integer overflow check in     base/gsalloc.c.(CVE-2017-9835)

  - The pdf14_pop_transparency_group function in     base/gdevp14.c in the PDF Transparency module in     Artifex Software, Inc. Ghostscript 9.20 allows remote     attackers to cause a denial of service (NULL pointer     dereference and application crash) via a crafted     file.(CVE-2016-10218)

  - The fill_threshhold_buffer function in     base/gxht_thresh.c in Artifex Software, Inc.
    Ghostscript 9.20 allows remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript     document.(CVE-2016-10317)

  - The pdf14_open function in base/gdevp14.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (use-after-free and     application crash) via a crafted file that is     mishandled in the color management     module.(CVE-2016-10217)

  - The intersect function in base/gxfill.c in Artifex     Software, Inc. Ghostscript 9.20 allows remote attackers     to cause a denial of service (divide-by-zero error and     application crash) via a crafted file.(CVE-2016-10219)

  - The mem_get_bits_rectangle function in base/gdevmem.c     in Artifex Software, Inc. Ghostscript 9.20 allows     remote attackers to cause a denial of service (NULL     pointer dereference and application crash) via a     crafted file.(CVE-2017-5951)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201811-12 (GPL Ghostscript: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in GPL Ghostscript. Please       review the CVE identifiers referenced below for additional information.
  Impact :

    A context-dependent attacker could entice a user to open a specially       crafted PostScript file or PDF document using GPL Ghostscript possibly       resulting in the execution of arbitrary code with the privileges of the       process, a Denial of Service condition, or other unspecified impacts,   Workaround :

    There is no known workaround at this time.

This update for ghostscript-library fixes several issues. These security issues were fixed :

  - CVE-2017-7207: The mem_get_bits_rectangle function     allowed remote attackers to cause a denial of service     (NULL pointer dereference) via a crafted PostScript     document (bsc#1030263).

  - CVE-2016-9601: Prevent heap-buffer overflow by checking     for an integer overflow in jbig2_image_new function     (bsc#1018128).

  - CVE-2017-9612: The Ins_IP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (use-after-free and application crash) or possibly have     unspecified other impact via a crafted document     (bsc#1050891)

  - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050889)

  - CVE-2017-9727: The gx_ttfReader__Read function in     base/gxttfb.c allowed remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document (bsc#1050888)

  - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050887)

  - CVE-2017-11714: psi/ztoken.c mishandled references to     the scanner state structure, which allowed remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted PostScript document, related to an out-of-bounds     read in the igc_reloc_struct_ptr function in psi/igc.c     (bsc#1051184)

  - CVE-2017-9835: The gs_alloc_ref_array function allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     PostScript document (bsc#1050879)

  - CVE-2016-10219: The intersect function in base/gxfill.c     allowed remote attackers to cause a denial of service     (divide-by-zero error and application crash) via a     crafted file (bsc#1032138)

  - CVE-2017-9216: Prevent NULL pointer dereference in the     jbig2_huffman_get function in jbig2_huffman.c which     allowed for DoS (bsc#1040643)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ghostscript fixes several issues. These security issues were fixed :

  - CVE-2017-9835: The gs_alloc_ref_array function allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     PostScript document (bsc#1050879).

  - CVE-2017-9216: Prevent NULL pointer dereference in the     jbig2_huffman_get function in jbig2_huffman.c which     allowed for DoS (bsc#1040643).

  - CVE-2016-10317: The fill_threshhold_buffer function in     base/gxht_thresh.c allowed remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript document (bsc#1032230).

  - CVE-2017-9612: The Ins_IP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (use-after-free and application crash) or possibly have     unspecified other impact via a crafted document     (bsc#1050891).

  - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050889).

  - CVE-2017-9727: The gx_ttfReader__Read function in     base/gxttfb.c allowed remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document (bsc#1050888).

  - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050887).

  - CVE-2017-11714: psi/ztoken.c mishandled references to     the scanner state structure, which allowed remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted PostScript document, related to an out-of-bounds     read in the igc_reloc_struct_ptr function in psi/igc.c     (bsc#1051184).

  - CVE-2016-10219: The intersect function in base/gxfill.c     allowed remote attackers to cause a denial of service     (divide-by-zero error and application crash) via a     crafted file (bsc#1032138).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for ghostscript fixes several security issues :

  - CVE-2017-9835: The gs_alloc_ref_array function allowed     remote attackers to cause a denial of service     (heap-based buffer overflow and application crash) or     possibly have unspecified other impact via a crafted     PostScript document (bsc#1050879).

  - CVE-2017-9216: Prevent NULL pointer dereference in the     jbig2_huffman_get function in jbig2_huffman.c which     allowed for DoS (bsc#1040643).

  - CVE-2016-10317: The fill_threshhold_buffer function in     base/gxht_thresh.c allowed remote attackers to cause a     denial of service (heap-based buffer overflow and     application crash) or possibly have unspecified other     impact via a crafted PostScript document (bsc#1032230).

  - CVE-2017-9612: The Ins_IP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (use-after-free and application crash) or possibly have     unspecified other impact via a crafted document     (bsc#1050891).

  - CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050889).

  - CVE-2017-9727: The gx_ttfReader__Read function in     base/gxttfb.c allowed remote attackers to cause a denial     of service (heap-based buffer over-read and application     crash) or possibly have unspecified other impact via a     crafted document (bsc#1050888).

  - CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c     allowed remote attackers to cause a denial of service     (heap-based buffer over-read and application crash) or     possibly have unspecified other impact via a crafted     document (bsc#1050887).

  - CVE-2017-11714: psi/ztoken.c mishandled references to     the scanner state structure, which allowed remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted PostScript document, related to an out-of-bounds     read in the igc_reloc_struct_ptr function in psi/igc.c     (bsc#1051184).

  - CVE-2016-10219: The intersect function in base/gxfill.c     allowed remote attackers to cause a denial of service     (divide-by-zero error and application crash) via a     crafted file (bsc#1032138).

This update was imported from the SUSE:SLE-12:Update update project.

Several vulnerabilities were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service if a specially crafted Postscript file is processed.

Kamil Frankowicz discovered that Ghostscript mishandles references. A remote attacker could use this to cause a denial of service.
(CVE-2017-11714)

Kim Gwan Yeong discovered that Ghostscript could allow a heap-based buffer over-read and application crash. A remote attacker could use a crafted document to cause a denial of service. (CVE-2017-9611, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739)

Kim Gwan Yeong discovered an use-after-free vulnerability in Ghostscript. A remote attacker could use a crafted file to cause a denial of service. (CVE-2017-9612)

Kim Gwan Yeong discovered a lack of integer overflow check in Ghostscript. A remote attacker could use crafted PostScript document to cause a denial of service. (CVE-2017-9835).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several issues were found in Ghostscript, the GPL PostScript/PDF interpreter, which allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document.

For Debian 7 'Wheezy', these problems have been fixed in version 9.05~dfsg-6.3+deb7u7.

We recommend that you upgrade your ghostscript packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
151342	EulerOS Virtualization for ARM 64 3.0.2.0 : ghostscript (EulerOS-SA-2021-2089)	Nessus	Huawei Local Security Checks	high
147428	EulerOS Virtualization 3.0.2.6 : ghostscript (EulerOS-SA-2021-1434)	Nessus	Huawei Local Security Checks	high
147424	EulerOS Virtualization 3.0.6.6 : ghostscript (EulerOS-SA-2021-1476)	Nessus	Huawei Local Security Checks	high
146154	EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2021-1193)	Nessus	Huawei Local Security Checks	high
132121	EulerOS 2.0 SP3 : ghostscript (EulerOS-SA-2019-2586)	Nessus	Huawei Local Security Checks	high
131862	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2019-2370)	Nessus	Huawei Local Security Checks	high
119132	GLSA-201811-12 : GPL Ghostscript: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
109572	SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2018:1140-1)	Nessus	SuSE Local Security Checks	high
106745	SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:0407-1)	Nessus	SuSE Local Security Checks	high
106744	openSUSE Security Update : ghostscript (openSUSE-2018-157)	Nessus	SuSE Local Security Checks	high
103578	Debian DSA-3986-1 : ghostscript - security update	Nessus	Debian Local Security Checks	high
102815	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : ghostscript vulnerabilities (USN-3403-1)	Nessus	Ubuntu Local Security Checks	high
102096	Debian DLA-1048-1 : ghostscript security update	Nessus	Debian Local Security Checks	high

CVE-2017-9835

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high