USN-6897-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6897-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6897-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-6897-1

Related

Published

2024-07-15T11:27:33.347409Z

Modified

2024-07-15T11:27:33.347409Z

Summary

ghostscript vulnerabilities

Details

It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29506)

It was discovered that Ghostscript incorrectly handled certain API parameters. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29507)

It was discovered that Ghostscript incorrectly handled certain BaseFont names. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-29508)

It was discovered that Ghostscript incorrectly handled certain PDF passwords that contained NULL bytes. An attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29509)

It was discovered that Ghostscript incorrectly handled certain certain file paths when doing OCR. An attacker could use this issue to read arbitrary files and write error messages to arbitrary files. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-29511)

References

Affected packages

Ubuntu:20.04:LTS / ghostscript

Package

Name: ghostscript
Purl: pkg:deb/ubuntu/ghostscript?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.50~dfsg-5ubuntu4.13

Affected versions

9.*

9.27~dfsg+0-0ubuntu3

9.27~dfsg+0-0ubuntu4

9.50~dfsg-5ubuntu1

9.50~dfsg-5ubuntu2

9.50~dfsg-5ubuntu3

9.50~dfsg-5ubuntu4

9.50~dfsg-5ubuntu4.1

9.50~dfsg-5ubuntu4.2

9.50~dfsg-5ubuntu4.3

9.50~dfsg-5ubuntu4.4

9.50~dfsg-5ubuntu4.5

9.50~dfsg-5ubuntu4.6

9.50~dfsg-5ubuntu4.7

9.50~dfsg-5ubuntu4.8

9.50~dfsg-5ubuntu4.9

9.50~dfsg-5ubuntu4.10

9.50~dfsg-5ubuntu4.11

9.50~dfsg-5ubuntu4.12

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9.50~dfsg-5ubuntu4.13",
            "binary_name": "ghostscript"
        },
        {
            "binary_version": "9.50~dfsg-5ubuntu4.13",
            "binary_name": "ghostscript-dbg"
        },
        {
            "binary_version": "9.50~dfsg-5ubuntu4.13",
            "binary_name": "ghostscript-doc"
        },
        {
            "binary_version": "9.50~dfsg-5ubuntu4.13",
            "binary_name": "ghostscript-x"
        },
        {
            "binary_version": "9.50~dfsg-5ubuntu4.13",
            "binary_name": "libgs-dev"
        },
        {
            "binary_version": "9.50~dfsg-5ubuntu4.13",
            "binary_name": "libgs9"
        },
        {
            "binary_version": "9.50~dfsg-5ubuntu4.13",
            "binary_name": "libgs9-common"
        }
    ]
}

Ubuntu:22.04:LTS / ghostscript

Package

Name: ghostscript
Purl: pkg:deb/ubuntu/ghostscript?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.55.0~dfsg1-0ubuntu5.9

Affected versions

9.*

9.54.0~dfsg1-0ubuntu2

9.55.0~dfsg1-0ubuntu4

9.55.0~dfsg1-0ubuntu5

9.55.0~dfsg1-0ubuntu5.1

9.55.0~dfsg1-0ubuntu5.2

9.55.0~dfsg1-0ubuntu5.3

9.55.0~dfsg1-0ubuntu5.4

9.55.0~dfsg1-0ubuntu5.5

9.55.0~dfsg1-0ubuntu5.6

9.55.0~dfsg1-0ubuntu5.7

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "ghostscript"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "ghostscript-dbgsym"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "ghostscript-doc"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "ghostscript-x"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "ghostscript-x-dbgsym"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "libgs-dev"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "libgs9"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "libgs9-common"
        },
        {
            "binary_version": "9.55.0~dfsg1-0ubuntu5.9",
            "binary_name": "libgs9-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / ghostscript

Package

Name: ghostscript
Purl: pkg:deb/ubuntu/ghostscript?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.02.1~dfsg1-0ubuntu7.3

Affected versions

10.*

10.01.2~dfsg1-0ubuntu2

10.01.2~dfsg1-0ubuntu2.1

10.02.1~dfsg1-0ubuntu1

10.02.1~dfsg1-0ubuntu2

10.02.1~dfsg1-0ubuntu5

10.02.1~dfsg1-0ubuntu6

10.02.1~dfsg1-0ubuntu7

10.02.1~dfsg1-0ubuntu7.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "ghostscript"
        },
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "ghostscript-dbgsym"
        },
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "ghostscript-doc"
        },
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "libgs-common"
        },
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "libgs-dev"
        },
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "libgs10"
        },
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "libgs10-common"
        },
        {
            "binary_version": "10.02.1~dfsg1-0ubuntu7.3",
            "binary_name": "libgs10-dbgsym"
        }
    ]
}