Описание
ELSA-2024-4549: ghostscript security update (IMPORTANT)
[9.25-5.0.1]
- Fixes CVE-2024-33871 OPVP device arbitrary code execution via custom Driver library
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
ghostscript
9.25-5.0.1.el7
ghostscript-cups
9.25-5.0.1.el7
ghostscript-doc
9.25-5.0.1.el7
ghostscript-gtk
9.25-5.0.1.el7
libgs
9.25-5.0.1.el7
libgs-devel
9.25-5.0.1.el7
Oracle Linux x86_64
ghostscript
9.25-5.0.1.el7
ghostscript-cups
9.25-5.0.1.el7
ghostscript-doc
9.25-5.0.1.el7
ghostscript-gtk
9.25-5.0.1.el7
libgs
9.25-5.0.1.el7
libgs-devel
9.25-5.0.1.el7
Связанные CVE
Связанные уязвимости
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib ...
