https://bugs.ghostscript.com/show_bug.cgi?id=701801

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2

https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece46870

[debian-lts-announce] 20200820 [SECURITY] [DLA 2335-1] ghostscript security update

GLSA-202008-20

USN-4469-1

DSA-4748

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A buffer overflow vulnerability in lprn_is_black() in     contrib/lips4/gdevlprn.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF     file.(CVE-2020-16287)

  - A buffer overflow vulnerability in     pj_common_print_page() in devices/gdevpjet.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF     file.(CVE-2020-16288)

  - A buffer overflow vulnerability in cif_print_page() in     devices/gdevcif.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file.(CVE-2020-16289)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF     file.(CVE-2020-16290)

  - A buffer overflow vulnerability in contrib/gdevdj9.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file.(CVE-2020-16291)

  - A buffer overflow vulnerability in mj_raster_cmd() in     contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF     file.(CVE-2020-16292)

  - A buffer overflow vulnerability in epsc_print_page() in     devices/gdevepsc.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file.(CVE-2020-16294)

  - A null pointer dereference vulnerability in     clj_media_size() in devices/gdevclj.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF     file.(CVE-2020-16295)

  - A buffer overflow vulnerability in GetNumWrongData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF     file.(CVE-2020-16296)

  - A buffer overflow vulnerability in     FloydSteinbergDitheringC() in contrib/gdevbjca.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file.(CVE-2020-16297)

  - A buffer overflow vulnerability in mj_color_correct()     in contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF     file.(CVE-2020-16298)

  - A Division by Zero vulnerability in bj10v_print_page()     in contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF     file.(CVE-2020-16299)

  - A buffer overflow vulnerability in tiff12_print_page()     in devices/gdevtfnx.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file.(CVE-2020-16300)

  - A buffer overflow vulnerability in okiibm_print_page1()     in devices/gdevokii.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file.(CVE-2020-16301)

  - A buffer overflow vulnerability in pcx_write_rle() in     contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF     file.(CVE-2020-16305)

  - A buffer overflow vulnerability in p_print_image() in     devices/gdevcdj.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file.(CVE-2020-16308)

  - A buffer overflow vulnerability in     lxm5700m_print_page() in devices/gdevlxm.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted eps     file.(CVE-2020-16309)

  - A division by zero vulnerability in dot24_print_page()     in devices/gdevdm24.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file.(CVE-2020-16310)

  - A buffer overflow vulnerability in GetNumSameData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF     file.(CVE-2020-17538)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     escalate privileges via a crafted PDF     file.(CVE-2020-16302)

  - The Ins_MIRP function in base/ttinterp.c in Artifex     Ghostscript GhostXPS 9.21 allows remote attackers to     cause a denial of service (heap-based buffer over-read     and application crash) or possibly have unspecified     other impact via a crafted document.(CVE-2017-9611)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - This package provides useful conversion utilities based     on Ghostscript software, for converting PS, PDF and     other document formats between each other. Ghostscript     is a suite of software providing an interpreter for     Adobe Systems' PostScript (PS) and Portable Document     Format (PDF) page description languages. Its primary     purpose includes displaying (rasterization & rendering)     and printing of document pages, as well as conversions     between different document formats.Security Fix(es):A     buffer overflow vulnerability in GetNumSameData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-17538)A division by zero vulnerability in     dot24_print_page() in devices/gdevdm24.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16310)A buffer overflow vulnerability in     lxm5700m_print_page() in devices/gdevlxm.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted eps file.
    (CVE-2020-16309)A buffer overflow vulnerability in     p_print_image() in devices/gdevcdj.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16308)A null pointer dereference     vulnerability in devices/vector/gdevtxtw.c and     psi/zbfont.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted postscript file. (CVE-2020-16307)A null     pointer dereference vulnerability in devices/gdevtsep.c     of Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted     postscript file. (CVE-2020-16306)A buffer overflow     vulnerability in pcx_write_rle() in     contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16305)A buffer overflow vulnerability in     image_render_color_thresh() in base/gxicolor.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to escalate privileges via a crafted eps file.
    (CVE-2020-16304)A buffer overflow vulnerability in     okiibm_print_page1() in devices/gdevokii.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16301)A buffer overflow vulnerability in     tiff12_print_page() in devices/gdevtfnx.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16300)A Division by Zero vulnerability in     bj10v_print_page() in contrib/japanese/gdev10v.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16299)A buffer overflow vulnerability     in mj_color_correct() in contrib/japanese/gdevmjc.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16298)A buffer overflow vulnerability     in FloydSteinbergDitheringC() in contrib/gdevbjca.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16297)A buffer overflow vulnerability     in GetNumWrongData() in contrib/lips4/gdevlips.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16296)A null pointer dereference     vulnerability in clj_media_size() in devices/gdevclj.c     of Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16295)A buffer overflow vulnerability     in epsc_print_page() in devices/gdevepsc.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16294)A null pointer dereference     vulnerability in     compose_group_nonknockout_nonblend_isolated_allmask_com     mon() in base/gxblend.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16293)A     buffer overflow vulnerability in mj_raster_cmd() in     contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16292)A buffer overflow vulnerability in     contrib/gdevdj9.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16291)A buffer     overflow vulnerability in jetp3852_print_page() in     devices/gdev3852.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16290)A     buffer overflow vulnerability in cif_print_page() in     devices/gdevcif.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16289)A buffer     overflow vulnerability in pj_common_print_page() in     devices/gdevpjet.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16288)A     buffer overflow vulnerability in lprn_is_black() in     contrib/lips4/gdevlprn.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16287)A use after free was found in     igc_reloc_struct_ptr() of psi/igc.c of     ghostscript-9.25. A local attacker could supply a     specially crafted PDF file to cause a denial of     service.(CVE-2020-14373)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A Division by Zero vulnerability in bj10v_print_page()     in contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16299)

  - A buffer overflow vulnerability in     pj_common_print_page() in devices/gdevpjet.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16288)

  - A buffer overflow vulnerability in cif_print_page() in     devices/gdevcif.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16289)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16290)

  - A buffer overflow vulnerability in mj_raster_cmd() in     contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16292)

  - A buffer overflow vulnerability in epsc_print_page() in     devices/gdevepsc.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16294)

  - A null pointer dereference vulnerability in     clj_media_size() in devices/gdevclj.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted PDF file.
    (CVE-2020-16295)

  - A buffer overflow vulnerability in GetNumWrongData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16296)

  - A buffer overflow vulnerability in     FloydSteinbergDitheringC() in contrib/gdevbjca.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16297)

  - A buffer overflow vulnerability in mj_color_correct()     in contrib/japanese/gdevmjc.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16298)

  - A buffer overflow vulnerability in tiff12_print_page()     in devices/gdevtfnx.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16300)

  - A buffer overflow vulnerability in okiibm_print_page1()     in devices/gdevokii.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16301)

  - A buffer overflow vulnerability in GetNumSameData() in     contrib/lips4/gdevlips.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-17538)

  - A buffer overflow vulnerability in pcx_write_rle() in     contrib/japanese/gdev10v.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16305)

  - A buffer overflow vulnerability in p_print_image() in     devices/gdevcdj.c of Artifex Software GhostScript v9.50     allows a remote attacker to cause a denial of service     via a crafted PDF file. (CVE-2020-16308)

  - A buffer overflow vulnerability in     lxm5700m_print_page() in devices/gdevlxm.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     cause a denial of service via a crafted eps file.
    (CVE-2020-16309)

  - A division by zero vulnerability in dot24_print_page()     in devices/gdevdm24.c of Artifex Software GhostScript     v9.50 allows a remote attacker to cause a denial of     service via a crafted PDF file. (CVE-2020-16310)

  - A buffer overflow vulnerability in lprn_is_black() in     contrib/lips4/gdevlprn.c of Artifex Software     GhostScript v9.50 allows a remote attacker to cause a     denial of service via a crafted PDF file.
    (CVE-2020-16287)

  - A buffer overflow vulnerability in contrib/gdevdj9.c of     Artifex Software GhostScript v9.50 allows a remote     attacker to cause a denial of service via a crafted PDF     file. (CVE-2020-16291)

  - A buffer overflow vulnerability in     jetp3852_print_page() in devices/gdev3852.c of Artifex     Software GhostScript v9.50 allows a remote attacker to     escalate privileges via a crafted PDF file.
    (CVE-2020-16302)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202008-20 (GPL Ghostscript: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in GPL Ghostscript. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Artifex Ghostscript installed on the remote Windows host is 9.50. It is, therefore, affected by multiple vulnerabilities:

  - A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software     GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. (CVE-2020-16302)

  - A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software     GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. (CVE-2020-16303)

  - A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software     GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. (CVE-2020-16304)

Additionally, the version of Artifex Ghostscript installed is affected by multiple buffer overflow vulnerabilities which could allow an attacker to cause a denial of service via a crafted file.

Multiple vulnerabilities were found in ghostscript, an interpreter for the PostScript language and for PDF, allowing an attacker to escalate privileges and cause denial of service via crafted PS/EPS/PDF files.

For Debian 9 stretch, these problems have been fixed in version 9.26a~dfsg-0+deb9u7.

We recommend that you upgrade your ghostscript packages.

For the detailed security status of ghostscript please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ghostscript

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
142263	EulerOS 2.0 SP2 : ghostscript (EulerOS-SA-2020-2344)	Nessus	Huawei Local Security Checks	medium
142175	EulerOS 2.0 SP8 : ghostscript (EulerOS-SA-2020-2309)	Nessus	Huawei Local Security Checks	medium
142120	EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2020-2282)	Nessus	Huawei Local Security Checks	medium
140068	GLSA-202008-20 : GPL Ghostscript: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
139812	Debian DSA-4748-1 : ghostscript - security update	Nessus	Debian Local Security Checks	medium
139782	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Ghostscript vulnerabilities (USN-4469-1)	Nessus	Ubuntu Local Security Checks	medium
139748	Artifex Ghostscript 9.50 Multiple Vulnerabilities	Nessus	Windows	medium
139735	Debian DLA-2335-1 : ghostscript security update	Nessus	Debian Local Security Checks	medium

CVE-2020-16299

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins