Debian Ghostscript vulnerabilities

CVE-2017-11714 [HIGH] CVE-2017-11714: ghostscript - psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner st... psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. Scope: local bookworm: resolv

CVE-2017-7207 [MEDIUM] CVE-2017-7207: ghostscript - The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 a... The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. Scope: local bookworm: resolved (fixed in 9.20~dfsg-3) bullseye: resolved (fixed in 9.20~dfsg-3) forky: resolved (fixed in 9.20~dfsg-3) sid: resolved (fixed in 9.20~dfsg-

CVE-2017-5951 [MEDIUM] CVE-2017-5951: ghostscript - The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. ... The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Scope: local bookworm: resolved (fixed in 9.20~dfsg-3.1) bullseye: resolved (fixed in 9.20~dfsg-3.1) forky: resolved (fixed in 9.20~dfsg-3.1) sid

CVE-2017-15652 [MEDIUM] CVE-2017-15652: ghostscript - Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obta... Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affe

CVE-2017-9620 [HIGH] CVE-2017-9620: ghostscript - The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript Gh... The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. Scope: local bookworm: resolved (fixed in 9.22~dfsg-1

CVE-2017-9619 [HIGH] CVE-2017-9619: ghostscript - The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript... The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file. Scope: local bookworm: resolved (fixed in 9.22~dfsg-1) bullseye: resolved (fixed in 9.22~dfsg-1) forky: resolved (fixed in 9.22~dfsg-1) sid: resolved (

CVE-2017-9610 [HIGH] CVE-2017-9610: ghostscript - The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS... The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Scope: local bookworm: resolved (fixed in 9.22~dfsg-1) bullseye: resolved (fixed in 9.22~dfsg-1) forky: resol

CVE-2017-6196 [HIGH] CVE-2017-6196: ghostscript - Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in b... Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document. Scope: local bookworm: resolved bullseye: resolved forky: r

CVE-2017-9618 [HIGH] CVE-2017-9618: ghostscript - The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS... The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. Scope: local bookworm: resolved (fixed in 9.22~dfsg-1) bullseye: resolved (fixed in 9.22~dfsg-1) forky: resolved (fixed i

CVE-2017-9740 [HIGH] CVE-2017-9740: ghostscript - The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript Gh... The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. Scope: local bookworm: resolved (fixed in 9.22~dfsg-1) bullseye: resolved (fixed in 9.22~dfsg-1) forky:

CVE-2017-7948 [HIGH] CVE-2017-7948: ghostscript - Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows r... Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. Scope: local bookworm: resolved (fixed in 9.22~dfsg-1) bullseye: resolved (fixed in 9.22~dfsg-1) forky: resolved (fixed

CVE-2017-8908 [MEDIUM] CVE-2017-8908: ghostscript - The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote... The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. Scope: local bookworm: resolved (fixed in 9.22~dfsg-1) bullseye: resolved (fixed in 9.22~dfsg-1) forky: resolved (fixed in 9.22~dfsg-1) sid: resolved (fixed in 9.22~dfsg-1) trixie: resolve

CVE-2016-7979 [CRITICAL] CVE-2016-7979: ghostscript - Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode pr... Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. Scope: local bookworm: resolved (fixed in 9.19~dfsg-3.1) bullseye: resolved (fixed in 9.19~dfsg-3.1) forky: resolved (fixed in 9.19~dfsg-3.1) sid: resolved (fixed in 9

CVE-2016-7978 [CRITICAL] CVE-2016-7978: ghostscript - Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to... Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. Scope: local bookworm: resolved (fixed in 9.19~dfsg-3.1) bullseye: resolved (fixed in 9.19~dfsg-3.1) forky: resolved (fixed in 9.19~dfsg-3.1) sid: resolved (fixed in 9.19~dfsg-3.1) trixie: resolved (fixe

CVE-2016-7976 [HIGH] CVE-2016-7976: ghostscript - The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execu... The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. Scope: local bookworm: resolved (fixed in 9.19~dfsg-3.1) bullseye: resolved (fixed in 9.19~dfsg-3.1) forky: resolved (fixed in 9.19~dfsg-3.1) sid: resolved (fixed in 9.19~dfsg-3.1) trixie: resolved (fixed in 9.19~dfsg-3.1)

CVE-2016-8602 [HIGH] CVE-2016-8602: ghostscript - The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remot... The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. Scope: local bookworm: resolved (fixed in 9.19~dfsg-3.1) bullseye: resolved (fixed in 9.19~dfsg-3.1) f

CVE-2016-10317 [HIGH] CVE-2016-10317: ghostscript - The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, I... The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. Scope: local bookworm: resolved (fixed in 9.22~dfsg-2.1) bullseye: resolved (fixed

CVE-2016-7977 [MEDIUM] CVE-2016-7977: ghostscript - Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode pr... Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. Scope: local bookworm: resolved (fixed in 9.19~dfsg-3.1) bullseye: resolved (fixed in 9.19~dfsg-3.1) forky: resolved (fixed in 9.19~dfsg-3.1) sid: resolved

CVE-2016-10219 [MEDIUM] CVE-2016-10219: ghostscript - The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.... The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. Scope: local bookworm: resolved (fixed in 9.20~dfsg-3.1) bullseye: resolved (fixed in 9.20~dfsg-3.1) forky: resolved (fixed in 9.20~dfsg-3.1) sid: resolved (fixe

CVE-2016-10220 [MEDIUM] CVE-2016-10220: ghostscript - The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.... The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. Scope: local bookworm: resolved (fixed in 9.20~dfsg-3.1) bullseye: resolved (fixed in 9.20~d