SB2016032906 - NULL pointer dereference in ghostscript (Alpine package)
Published: March 29, 2016
Security Bulletin ID: SB2016032906
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2017-5951)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to a NULL pointer dereference error within the mem_get_bits_rectangle() function in base/gdevmem.c in Ghostscript. A remote attacker can create a specially crafted file, pass it to the affected application and crash it.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3d949953ed023a00e502072af12541c64feb3494
- https://git.alpinelinux.org/aports/commit/?id=38c2fab4c40672459821302e7eec434b602757b8
- https://git.alpinelinux.org/aports/commit/?id=4a52a88813303a6f82eed629efa03380141dfb5b
- https://git.alpinelinux.org/aports/commit/?id=d76bbde3138831382b99b95241f4699877628b6d
- https://git.alpinelinux.org/aports/commit/?id=84d9d1ac4496bf8360a8e717152bb81419d7e989
- https://git.alpinelinux.org/aports/commit/?id=ecd52791ab2f99ba3adc08ecae1f67bce5be1f80
- https://git.alpinelinux.org/aports/commit/?id=0d31fbd835bf00e76c6af48139c8f30e9ee0d095
- https://git.alpinelinux.org/aports/commit/?id=9e5165491f23d8a3319f093ca306f184f770e241
- https://git.alpinelinux.org/aports/commit/?id=2f6ffe9d3546ffc27017c9e64547d3540322fb5a