Ubuntu Security Notice USN-5643-1

Ubuntu Security Notice 5643-1 - It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that GhostScript incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted PDF file, a remote attacker could use this issue to cause GhostScript to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-5643-1
September 27, 2022

ghostscript vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Ghostscript.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that GhostScript incorrectly handled certain PDF files.
If a user or automated system were tricked into opening a specially crafted
PDF file, a remote attacker could use this issue to cause GhostScript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-27792)

It was discovered that GhostScript incorrectly handled certain PDF files.
If a user or automated system were tricked into opening a specially crafted
PDF file, a remote attacker could use this issue to cause GhostScript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2085)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  ghostscript                     9.55.0~dfsg1-0ubuntu5.1

Ubuntu 20.04 LTS:
  ghostscript                     9.50~dfsg-5ubuntu4.6

Ubuntu 18.04 LTS:
  ghostscript                     9.26~dfsg+0-0ubuntu0.18.04.17

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5643-1
  CVE-2020-27792, CVE-2022-2085

Package Information:
  https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.1
  https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.6
  https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.18.04.17

Related news

Gentoo Linux Security Advisory 202309-03

Gentoo Linux Security Advisory 202309-3 - Multiple vulnerabilities have been discovered in GPL Ghostscript, the worst of which could result in remote code execution. Versions greater than or equal to 10.01.2 are affected.

Gentoo Linux Security Advisory 202211-11

Gentoo Linux Security Advisory 202211-11 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in arbitrary code execution. Versions less than 9.56.1 are affected.

Ubuntu Security Notice USN-5618-1

Ubuntu Security Notice 5618-1 - It was discovered that Ghostscript incorrectly handled memory when processing certain inputs. By tricking a user into opening a specially crafted PDF file, an attacker could cause the program to crash.

CVE-2020-27792: Invalid Bug ID

A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. An attacker could trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.

CVE-2022-2085: Invalid Bug ID

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.
