USN-3272-1

Description

ghostscript vulnerabilities It was discovered that Ghostscript improperly handled parameters to the rsdparams and eqproc commands. An attacker could use these to craft a malicious document that could disable -dSAFER protections, thereby allowing the execution of arbitrary code, or cause a denial of service (application crash). (CVE-2017-8291) Kamil Frankowicz discovered a use-after-free vulnerability in the color management module of Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10217) Kamil Frankowicz discovered a divide-by-zero error in the scan conversion code in Ghostscript. An attacker could use this to cause a denial of service (application crash). (CVE-2016-10219) Kamil Frankowicz discovered multiple NULL pointer dereference errors in Ghostscript. An attacker could use these to cause a denial of service (application crash). (CVE-2016-10220, CVE-2017-5951, CVE-2017-7207)

Affected Systems

• ubuntu•ghostscript

  < 9.10~dfsg-0ubuntu10.7 | < 9.18~dfsg~0-0ubuntu2.4

References (7)

• https://ubuntu.com/security/notices/USN-3272-1
• https://ubuntu.com/security/CVE-2016-10217
• https://ubuntu.com/security/CVE-2016-10219
• https://ubuntu.com/security/CVE-2016-10220
• https://ubuntu.com/security/CVE-2017-5951
• https://ubuntu.com/security/CVE-2017-7207
• https://ubuntu.com/security/CVE-2017-8291