SUSE-SU-2024:3942-1

Published: 07 Nov 2024
Source: suse-cvrf

Description

Security update for ghostscript

This update for ghostscript fixes the following issues:

  • CVE-2024-46951: Fixed arbitrary code execution via unchecked 'Implementation' pointer in 'Pattern' color space (bsc#1232265).
  • CVE-2024-46953: Fixed integer overflow when parsing the page format that results in path truncation, path traversal, and code execution (bsc#1232267).
  • CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access in filenameforall (bsc#1232270).
  • CVE-2024-46955: Fixed out of bounds read when reading color in 'Indexed' color space (bsc#1232269).

Package list

SUSE Linux Enterprise Server 12 SP5-LTSS
ghostscript-9.52-23.86.1
ghostscript-devel-9.52-23.86.1
ghostscript-x11-9.52-23.86.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
ghostscript-9.52-23.86.1
ghostscript-devel-9.52-23.86.1
ghostscript-x11-9.52-23.86.1

Description

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.


Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-devel-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-x11-9.52-23.86.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ghostscript-9.52-23.86.1

Description

An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.


Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-devel-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-x11-9.52-23.86.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ghostscript-9.52-23.86.1

Description

An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.


Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-devel-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-x11-9.52-23.86.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ghostscript-9.52-23.86.1

Description

An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.


Affected products
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-devel-9.52-23.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:ghostscript-x11-9.52-23.86.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ghostscript-9.52-23.86.1
