Описание
ELSA-2024-4000: ghostscript security update (IMPORTANT)
[9.27-13]
- CVE-2024-33871 ghostscript: OPVP device arbitrary code execution via custom Driver library
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
ghostscript
9.27-13.el8_10
ghostscript-doc
9.27-13.el8_10
ghostscript-tools-dvipdf
9.27-13.el8_10
ghostscript-tools-fonts
9.27-13.el8_10
ghostscript-tools-printing
9.27-13.el8_10
ghostscript-x11
9.27-13.el8_10
libgs
9.27-13.el8_10
libgs-devel
9.27-13.el8_10
Oracle Linux x86_64
ghostscript
9.27-13.el8_10
ghostscript-doc
9.27-13.el8_10
ghostscript-tools-dvipdf
9.27-13.el8_10
ghostscript-tools-fonts
9.27-13.el8_10
ghostscript-tools-printing
9.27-13.el8_10
ghostscript-x11
9.27-13.el8_10
libgs
9.27-13.el8_10
libgs-devel
9.27-13.el8_10
Связанные CVE
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...
