Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for ghostscript

This update for ghostscript fixes the following security vulnerabilities:

CVE-2017-8291: A remote command execution and a -dSAFER bypass via a crafted .eps document were
exploited in the wild. (bsc#1036453)

CVE-2016-9601: An integer overflow in the bundled jbig2dec library could have been misused to cause
a Denial-of-Service. (bsc#1018128)

CVE-2016-10220: A NULL pointer dereference in the PDF Transparency module allowed remote attackers
to cause a Denial-of-Service. (bsc#1032120)

CVE-2017-5951: A NULL pointer dereference allowed remote attackers to cause a denial of service
via a crafted PostScript document. (bsc#1032114)

CVE-2017-7207: A NULL pointer dereference allowed remote attackers to cause a denial of service
via a crafted PostScript document. (bsc#1030263)

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1032120
VUL-1: CVE-2016-10220: ghostscript: The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.Ghostscript 9.20 al...
bnc#1032114
VUL-1: CVE-2017-5951: ghostscript: The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.Ghostscript 9.20 all...
bnc#1018128
VUL-1: CVE-2016-9601: ghostscript,ghostscript-library,jbig2dec: Heap-buffer overflow due to Integer overflow in jbig2_image_new function
bnc#1030263
VUL-1: CVE-2017-7207: ghostscript, ghostscript-library: The mem_get_bits_rectangle function allows remote attackers to cause a denial of service
bnc#1036453
EMU: VUL-0: CVE-2017-8291: ghostscript,ghostscript-library: Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remotecommand execution via a "/Ou...
CVE-2017-5951
CVE-2016-10220
CVE-2017-7207
CVE-2017-8291
CVE-2016-9601
Selected Binaries
openSUSE Build Service is sponsored by
Places