It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291)
Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217)
Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219)
Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207)
{ "availability": "No subscription required", "binaries": [ { "libgs9-dbgsym": "9.10~dfsg-0ubuntu10.7", "ghostscript-dbgsym": "9.10~dfsg-0ubuntu10.7", "ghostscript-dbg": "9.10~dfsg-0ubuntu10.7", "ghostscript-doc": "9.10~dfsg-0ubuntu10.7", "ghostscript-x": "9.10~dfsg-0ubuntu10.7", "libgs9": "9.10~dfsg-0ubuntu10.7", "ghostscript-x-dbgsym": "9.10~dfsg-0ubuntu10.7", "libgs-dev-dbgsym": "9.10~dfsg-0ubuntu10.7", "libgs9-common": "9.10~dfsg-0ubuntu10.7", "ghostscript": "9.10~dfsg-0ubuntu10.7", "libgs-dev": "9.10~dfsg-0ubuntu10.7" } ] }
{ "availability": "No subscription required", "binaries": [ { "libgs9-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-dbg": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-doc": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-x": "9.18~dfsg~0-0ubuntu2.4", "libgs9": "9.18~dfsg~0-0ubuntu2.4", "ghostscript-x-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "libgs-dev-dbgsym": "9.18~dfsg~0-0ubuntu2.4", "libgs9-common": "9.18~dfsg~0-0ubuntu2.4", "ghostscript": "9.18~dfsg~0-0ubuntu2.4", "libgs-dev": "9.18~dfsg~0-0ubuntu2.4" } ] }