[3.7] ghostscript: Multiple vulnerabilities (CVE-2017-9611, CVE-2017-9612, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739, CVE-2017-9835, CVE-2017-11714)
CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause
a denial of service (heap-based buffer over-read and application crash)
or possibly have unspecified other impact via a crafted document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9611
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe
CVE-2017-9612: The Ins_IP function in base/ttinterp.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial
of service (use-after-free and application crash) or possibly have
unspecified other impact via a crafted document.
References:
https://bugs.ghostscript.com/show\_bug.cgi?id=698026
https://nvd.nist.gov/vuln/detail/CVE-2017-9612
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c
CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service
(heap-based buffer over-read and application crash) or possibly have
unspecified other impact via a crafted document.
References:
https://bugs.ghostscript.com/show\_bug.cgi?id=698055
https://nvd.nist.gov/vuln/detail/CVE-2017-9726
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b
CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c
in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause
a
denial of service (heap-based buffer over-read and application crash) or
possibly have unspecified other impact via a crafted document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9727
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b
CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial
of service (heap-based buffer over-read and application crash) or
possibly have unspecified other impact via a crafted document.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9739
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15
CVE-2017-9835: The gs_alloc_ref_array function in psi/ialloc.c in
Artifex Ghostscript 9.21 allows remote attackers to cause a denial of
service (heap-based buffer overflow and application crash) or possibly
have unspecified other impact via a crafted PostScript document.
This is related to a lack of an integer overflow check in
base/gsalloc.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9835
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066
CVE-2017-11714: psi/ztoken.c in Artifex Ghostscript 9.21 mishandles
references to the scanner state structure, which allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted PostScript document,
related to an out-of-bounds read in the igc_reloc_struct_ptr function
in psi/igc.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11714
Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa
(from redmine: issue id 7992, created on 2017-10-10, closed on 2017-10-11)
- Relations:
- parent #7991 (closed)
- Changesets:
- Revision 422aa783 by Francesco Colista on 2017-10-11T06:58:22Z:
main/ghostscript: security upgrade to 9.22. Fixes #7992