Headline
Gentoo Linux Security Advisory 202309-03
Gentoo Linux Security Advisory 202309-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. Versions greater than or equal to 10.01.2 are affected.
Gentoo Linux Security Advisory GLSA 202309-03
https://security.gentoo.org/
Severity: High
Title: GPL Ghostscript: Multiple Vulnerabilities
Date: September 17, 2023
Bugs: #904245, #910294
ID: 202309-03
Synopsis
Multiple vulnerabilities have been discovered in GPL Ghostscript, the
worst of which could result in remote code execution.
Background
Ghostscript is an interpreter for the PostScript language and for PDF.
Affected packages
Package Vulnerable Unaffected
app-text/ghostscript-gpl < 10.01.2 >= 10.01.2
Description
Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All GPL Ghostscript users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=app-text/ghostscript-gpl-10.01.2”
References
[ 1 ] CVE-2022-2085
https://nvd.nist.gov/vuln/detail/CVE-2022-2085
[ 2 ] CVE-2023-28879
https://nvd.nist.gov/vuln/detail/CVE-2023-28879
[ 3 ] CVE-2023-36664
https://nvd.nist.gov/vuln/detail/CVE-2023-36664
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202309-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.
Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "unauthorized remote code execution, which means an attacker would have
Ubuntu Security Notice 6213-1 - It was discovered that Ghostscript incorrectly handled pipe devices. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to execute arbitrary code.
Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
Ubuntu Security Notice 6017-2 - USN-6017-1 fixed vulnerabilities in Ghostscript. This update provides the corresponding updates for Ubuntu 23.04. Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 6017-1 - Hadrien Perrineau discovered that Ghostscript incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 5383-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, is prone to a buffer overflow vulnerability in the (T)BCP encoding filters, which could result in the execution of arbitrary code if malformed document files are processed (despite the -dSAFER sandbox being enabled).
In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.
Gentoo Linux Security Advisory 202211-11 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in arbitrary code execution. Versions less than 9.56.1 are affected.
Ubuntu Security Notice 5643-1 - It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.