Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 734322 (CVE-2020-15900, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538) - <app-text/ghostscript-gpl-9.52: Multiple vulnerabilities (CVE-2020-{15900,16287,16288,16289,16290,16291,16292,16293,16294,16295,16296,16297,16298,16299,16300,16301,16302,16303,16304,16305,16306,16307,16308,16309,16310,17538})
Summary: <app-text/ghostscript-gpl-9.52: Multiple vulnerabilities (CVE-2020-{15900,162...
Status: RESOLVED FIXED
Alias: CVE-2020-15900, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://artifex.com/security-advisori...
Whiteboard: B2 [glsa+ cve]
Keywords: CC-ARCHES, STABLEREQ
: 736645 (view as bug list)
Depends on:
Blocks:
 
Reported: 2020-07-28 20:21 UTC by John Helmert III (ajak)
Modified: 2020-08-29 22:13 UTC (History)
4 users (show)

See Also:
Package list:
app-text/ghostscript-gpl-9.52-r1
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III (ajak) 2020-07-28 20:21:49 UTC
CVE-2020-15900:

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.



Patch: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b
Comment 1 John Helmert III (ajak) 2020-07-28 20:22:42 UTC
Maintainer(s), please add the patch to our package.
Comment 2 Sam James gentoo-dev Security 2020-08-11 02:22:10 UTC
*** Bug 736645 has been marked as a duplicate of this bug. ***
Comment 3 Sam James gentoo-dev Security 2020-08-11 02:23:08 UTC
ping.
Comment 4 Sam James gentoo-dev Security 2020-08-13 07:41:28 UTC
* CVE-2020-16287

Description:
"A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701785
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 

* CVE-2020-16288

Description:
"A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f
    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701791 


* CVE-2020-16289

Description:
"A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701788
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 

* CVE-2020-16290

Description:
"A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d
    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701786 

* CVE-2020-16291

Description:
"A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6
    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701787 

* CVE-2020-16292

Description:
"A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701793
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7
Comment 5 Sam James gentoo-dev Security 2020-08-13 07:43:37 UTC
* CVE-2020-16293

Description:
"A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701795
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 

* CVE-2020-16294

Description:
"A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701794
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 

* CVE-2020-16295

Description:
"A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:http://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e
    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701796
Comment 6 Sam James gentoo-dev Security 2020-08-13 07:46:56 UTC
* CVE-2020-16296

Description:
"A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701792
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 

* CVE-2020-16297

Description:
"A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701800
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 

* CVE-2020-16298

Description:
"A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701799
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af 

* CVE-2020-16299

Description:
"A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701801
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece46870 

* CVE-2020-16300

Description:
"A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701807
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e
Comment 7 Sam James gentoo-dev Security 2020-08-13 07:48:37 UTC
(In reply to Sam James from comment #6)
> * CVE-2020-16300
> 
> Description:
> "A buffer overflow vulnerability in okiibm_print_page1() in
> devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote
> attacker to cause a denial of service via a crafted PDF file. This is fixed
> in v9.51."
> 
>     MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701807
>    
> MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;
> h=714e8995cd582d418276915cbbec3c70711fb19e

Correction, the description should be:
"A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."
Comment 8 Sam James gentoo-dev Security 2020-08-13 07:51:08 UTC
* CVE-2020-16301
	
Description:
"A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701808
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc 

* CVE-2020-16302

Description:
"A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701815
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 

* CVE-2020-16303

Description:
"A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701818
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb77 

* CVE-2020-16304

Description:
"A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51."

    MISC:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209
    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701816
Comment 9 Sam James gentoo-dev Security 2020-08-13 07:55:29 UTC
* CVE-2020-16305

Description:
"A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701819
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 

* CVE-2020-16306

Description:
"A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51."

    MISC:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804
    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701821 

* CVE-2020-16307

Description:
"A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51."

    MISC:http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f
    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701822 

* CVE-2020-16308

Description:
"A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701829
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6

* CVE-2020-16309

Description:
"A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701827
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10

* CVE-2020-16310

Description:
"A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701828
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e 

* CVE-2020-17538

Description:
"A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51."

    MISC:https://bugs.ghostscript.com/show_bug.cgi?id=701792
    MISC:https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
Comment 10 Larry the Git Cow gentoo-dev 2020-08-13 10:26:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed06c479fa67368ab3ac212a0518b986aec90716

commit ed06c479fa67368ab3ac212a0518b986aec90716
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-08-13 10:26:11 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-08-13 10:26:20 +0000

    app-text/ghostscript-gpl: bump to v9.52
    
    Bug: https://bugs.gentoo.org/734322
    Closes: https://bugs.gentoo.org/715760
    Package-Manager: Portage-3.0.2, Repoman-2.3.23
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-text/ghostscript-gpl/Manifest                  |   3 +
 .../ghostscript-gpl/ghostscript-gpl-9.52.ebuild    | 204 +++++++++++++++++++++
 2 files changed, 207 insertions(+)
Comment 11 Sam James gentoo-dev Security 2020-08-14 17:24:01 UTC
arm64 done
Comment 12 Sam James gentoo-dev Security 2020-08-14 17:30:58 UTC
sparc done
Comment 13 Sam James gentoo-dev Security 2020-08-14 17:44:58 UTC
amd64 done
Comment 14 Sam James gentoo-dev Security 2020-08-14 21:50:18 UTC
x86 done
Comment 15 Sam James gentoo-dev Security 2020-08-15 03:05:15 UTC
arm done
Comment 16 Agostino Sarubbo gentoo-dev 2020-08-16 14:48:04 UTC
s390 stable
Comment 17 Reva Denis 2020-08-16 15:01:50 UTC
Thank you, Gentoo developers, you doing a great work!
Comment 18 Rolf Eike Beer 2020-08-17 17:15:51 UTC
hppa stable
Comment 19 Sam James gentoo-dev Security 2020-08-18 05:52:24 UTC
ppc64 done
Comment 20 Sam James gentoo-dev Security 2020-08-29 18:21:13 UTC
ppc done

all arches done
Comment 21 Sam James gentoo-dev Security 2020-08-29 18:24:01 UTC
Maintainers, please cleanup.

(In reply to Reva Denis from comment #17)
> Thank you, Gentoo developers, you doing a great work!

Thank you!
Comment 22 Larry the Git Cow gentoo-dev 2020-08-29 22:12:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3adf541ebbbf276b36e35496e78fdcb29ee5c1e5

commit 3adf541ebbbf276b36e35496e78fdcb29ee5c1e5
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2020-08-29 22:11:49 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2020-08-29 22:12:27 +0000

    app-text/ghostscript-gpl: drop vulnerable
    
    Bug: https://bugs.gentoo.org/734322
    
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 app-text/ghostscript-gpl/Manifest                  |   2 -
 .../ghostscript-gpl/ghostscript-gpl-9.50.ebuild    | 202 ---------------------
 2 files changed, 204 deletions(-)
Comment 23 GLSAMaker/CVETool Bot gentoo-dev 2020-08-29 22:13:07 UTC
This issue was resolved and addressed in
 GLSA 202008-20 at https://security.gentoo.org/glsa/202008-20
by GLSA coordinator Sam James (sam_c).