RH summary [1]: The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Upstream patch [2] Upstream ref [3] [1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5951 [2] http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ec [3] https://bugs.ghostscript.com/show_bug.cgi?id=697548
Patched in our 9.21
This issue was resolved and addressed in GLSA 201708-06 at https://security.gentoo.org/glsa/201708-06 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf8f468602a503510b8ccb45b2a0c80f37c83949