SB2017050319 - Fedora 25 update for ghostscript
Published: May 3, 2017 Updated: April 24, 2025
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2016-10217)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted file that is mishandled in the color management module. A remote attacker can cause a denial of service (use-after-free and application crash).
Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.
2) NULL pointer dereference (CVE-ID: CVE-2016-10218)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted file.
3) Division by zero (CVE-ID: CVE-2016-10219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero error within the intersect() function in base/gxfill.c in Ghostscript 9.20. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a specially crafted file.
4) NULL pointer dereference (CVE-ID: CVE-2016-10220)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the gs_makewordimagedevice() function in base/gsdevmem.c. A remote attacker can create a specially crafted PDF file, pass it to the affected application, trigger a NULL pointer dereference and crash the application.
5) NULL pointer dereference (CVE-ID: CVE-2017-5951)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the mem_get_bits_rectangle() function in base/gdevmem.c in Ghostscript. A remote attacker can create a specially crafted file, pass it to the affected application and crash it.
6) Integer overflow (CVE-ID: CVE-2017-7975)
The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code.
The weakness exists due to an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file. A remote attacker can send a specially crafted .jb2 file, trigger out-of-bounds writes and cause the application to crash or execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
7) Type confusion (CVE-ID: CVE-2017-8291)
The vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on a targeted system.
The weakness exists due to a type confusion error when processing user-supplied parameters passed to the .rsdparams and .eqproc functions in Ghostscript. A remote attacker can submit a specially crafted .eps document, execute code in the context of the Ghostscript process and bypass the -dSAFER protection.
Successful exploitation of the vulnerability may result in system compromise.
Note: this vulnerability is being exploited in the wild.
8) Heap-based buffer overflow (CVE-ID: CVE-2016-10317)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the fill_threshhold_buffer function in base/gxht_thresh.c due to a heap-based buffer overflow. A remote attacker can submit a specially crafted PostScript document, trigger memory corruption and cause the service to crash.
9) Integer overflow (CVE-ID: CVE-2017-7885)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.
The weakness exists due to an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file. A remote attacker can send a specially crafted .jb2 file, trigger a heap-based buffer over-read and access arbitrary files from process memory or cause the application to crash.
Successful exploitation of the vulnerability may result in information disclosure or denial of service.
10) Integer overflow (CVE-ID: CVE-2017-7976)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.
The weakness exists due to an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file. A remote attacker can send a specially crafted .jb2 file, trigger out-of-bounds writes and access arbitrary files from process memory, cause the application to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install the update from the vendor's website.