From https://www.ghostscript.com/ and https://ghostscript.readthedocs.io/en/gs10.04.0/News.html: """ September 18, 2024: Ghostscript/GhostPDL 10.04.0 release fixes: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955 and CVE-2024-46956. """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d34845b91de4df6d8b352c2bd0e317a5a85cfdb commit 9d34845b91de4df6d8b352c2bd0e317a5a85cfdb Author: Sam James <sam@gentoo.org> AuthorDate: 2024-11-01 07:10:57 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-11-01 07:13:18 +0000 app-text/ghostscript-gpl: add 10.04.0 Bug: https://bugs.gentoo.org/942639 Signed-off-by: Sam James <sam@gentoo.org> app-text/ghostscript-gpl/Manifest | 2 + .../ghostscript-gpl/ghostscript-gpl-10.04.0.ebuild | 198 +++++++++++++++++++++ 2 files changed, 200 insertions(+)
CVE-2024-46951 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. CVE-2024-46952 An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). CVE-2024-46953 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. CVE-2024-46954 Undergoing Reanalysis An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. CVE-2024-46955 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. CVE-2024-46956 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=d9a62f6edb668bbc647f3d18731071bb283adf14 commit d9a62f6edb668bbc647f3d18731071bb283adf14 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2025-01-23 06:18:34 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2025-01-23 06:18:42 +0000 [ GLSA 202501-06 ] GPL Ghostscript: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/942639 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202501-06.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+)