MGASA-2020-0344

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0344.html

Import Source

https://advisories.mageia.org/MGASA-2020-0344.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0344

Related

Published

2020-08-25T08:13:25Z

Modified

2020-08-25T07:40:02Z

Summary

Updated ghostscript packages fix security vulnerabilities

Details

The updated packages fix security vulnerabilities:

A buffer overflow vulnerability in lprnisblack() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16287)

A buffer overflow vulnerability in pjcommonprint_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16288)

A buffer overflow vulnerability in cifprintpage() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16289)

A buffer overflow vulnerability in jetp3852printpage() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16290)

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16291)

A buffer overflow vulnerability in mjrastercmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16292)

A null pointer dereference vulnerability in composegroupnonknockoutnonblendisolatedallmaskcommon() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16293)

A buffer overflow vulnerability in epscprintpage() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16294)

A null pointer dereference vulnerability in cljmediasize() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16295)

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16296)

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16297)

A buffer overflow vulnerability in mjcolorcorrect() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16298)

A Division by Zero vulnerability in bj10vprintpage() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16299)

A buffer overflow vulnerability in tiff12printpage() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16300)

A buffer overflow vulnerability in okiibmprintpage1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16301)

A buffer overflow vulnerability in jetp3852printpage() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. (CVE-2020-16302)

A use-after-free vulnerability in xpsfinishimage_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. (CVE-2020-16303)

A buffer overflow vulnerability in imagerendercolor_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. (CVE-2020-16304)

A buffer overflow vulnerability in pcxwriterle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16305)

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. (CVE-2020-16306)

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. (CVE-2020-16307)

A buffer overflow vulnerability in pprintimage() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16308)

A buffer overflow vulnerability in lxm5700mprintpage() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. (CVE-2020-16309)

A division by zero vulnerability in dot24printpage() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-16310)

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. (CVE-2020-17538)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0344

Affected packages