OVAL

ALAS-2017-784 ---- ghostscript

ID: oval:org.secpod.oval:def:1600492
Date: (C)2017-01-12   (M)2023-12-20
Class: PATCH
Family: unix




It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variables, list directories and retrieve file content, respectively, from the target.

It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash or code execution in the context of the gs process.

It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process.

Platform:
Amazon Linux AMI
Product:
ghostscript
Reference:
ALAS-2017-784
CVE-2016-7977
CVE-2016-8602
CVE-2013-5653
CVE-2016-7979
CPE    2
cpe:/o:amazon:linux
cpe:/a:ghostscript:ghostscript

© SecPod Technologies