{"id":"MGASA-2017-0133","summary":"Updated ghostscript packages fix security vulnerability","details":"Various userparams in Ghostscript allow %pipe% in paths, allowing remote\nshell command execution (CVE-2016-7976).\n\nThe .libfile function in Ghostscript doesn't check PermitFileReading\narray, allowing remote file disclosure (CVE-2016-7977).\n\nReference leak in the .setdevice function in Ghostscript allows\nuse-after-free and remote code execution (CVE-2016-7978).\n\nType confusion in the .initialize_dsc_parser function in Ghostscript\nallows remote code execution (CVE-2016-7979).\n\nThe .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21\nallows remote attackers to cause a denial of service (application crash)\nor possibly execute arbitrary code via a crafted Postscript document\nthat calls .sethalftone5 with an empty operand stack (CVE-2016-8602).\n\nA heap based buffer overflow was found in the ghostscript\njbig2_decode_gray_scale_image() function used to decode halftone segments\nin a JBIG2 image. A document (PostScript or PDF) with an embedded,\nspecially crafted, jbig2 image could trigger a segmentation fault in\nghostscript (CVE-2016-9601).\n\nThe pdf14_open function in base/gdevp14.c in Ghostscript 9.20 allows\nremote attackers to cause a denial of service (use-after-free and\napplication crash) via a crafted file that is mishandled in the color\nmanagement module (CVE-2016-10217).\n\nThe pdf14_pop_transparency_group function in base/gdevp14.c in the PDF\nTransparency module in Ghostscript 9.20 allows remote attackers to cause\na denial of service (NULL pointer dereference and application crash) via\na crafted file (CVE-2016-10218).\n\nThe intersect function in base/gxfill.c in Ghostscript 9.20 allows\nremote attackers to cause a denial of service (divide-by-zero error and\napplication crash) via a crafted file (CVE-2016-10219).\n\nThe gs_makewordimagedevice function in base/gsdevmem.c in Ghostscript\n9.20 allows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted file that is mishandled\nin the PDF Transparency module (CVE-2016-10220).\n\nThe mem_get_bits_rectangle function in base/gdevmem.c in Ghostscript\n9.20 allows remote attackers to cause a denial of service (NULL pointer\ndereference and application crash) via a crafted file (CVE-2017-5951).\n\nThe mem_get_bits_rectangle function in Ghostscript 9.20 allows remote\nattackers to cause a denial of service (NULL pointer dereference) via a\ncrafted PostScript document (CVE-2017-7207).\n\nGhostscript through 2017-04-26 allows -dSAFER bypass and remote command\nexecution via .rsdparams type confusion with a \"/OutputFile (%pipe%\"\nsubstring in a crafted .eps document that is an input to the gs program\n(CVE-2017-8291).\n","modified":"2026-01-30T20:00:19.909082Z","published":"2017-05-07T22:16:00Z","related":["CVE-2016-10217","CVE-2016-10218","CVE-2016-10219","CVE-2016-10220","CVE-2016-7976","CVE-2016-7977","CVE-2016-7978","CVE-2016-7979","CVE-2016-8602","CVE-2016-9601","CVE-2017-5951","CVE-2017-7207","CVE-2017-8291"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0133.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19542"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2016/10/05/15"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IJ3D6O5XHLO4UJVJETVCWPIWWWV6LQUE/"}],"affected":[{"package":{"name":"ghostscript","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/ghostscript?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.20-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0133.json"}},{"package":{"name":"gutenprint","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gutenprint?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.2.10-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0133.json"}},{"package":{"name":"libspectre","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libspectre?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.7-5.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0133.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}