RH summary [1]:
A null pointer vulnerability was found in mem_get_bits_rectangle() when trying to read from unallocated memory.

Upstream patch [2]
Upstream ref [3]

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7207
[2] http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091
[3] https://bugs.ghostscript.com/show_bug.cgi?id=697676
CVE ID: CVE-2017-7207
Summary: The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.
Published: 2017-03-21T06:59:00.000Z
*** Bug 621124 has been marked as a duplicate of this bug. ***
Patched in our 9.21
Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201708-06 at https://security.gentoo.org/glsa/201708-06 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf8f468602a503510b8ccb45b2a0c80f37c83949