Описание
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ghostscript | fixed | 10.03.0~dfsg-1 | package | |
| ghostscript | not-affected | bullseye | package |
Примечания
https://bugs.ghostscript.com/show_bug.cgi?id=707510
https://www.openwall.com/lists/oss-security/2024/07/03/7
Introduced with: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=316c3a08269212f1005709da64efcb383f8f5ce0 (ghostpdl-9.55.0rc1)
Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f (ghostpdl-10.03.0)
EPSS
Связанные уязвимости
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS