UbuntuUpdates.org

Package "libgs-common"

Name: libgs-common

Description:

interpreter for the PostScript language and for PDF - ICC profiles

Latest version: 10.03.1~dfsg1-0ubuntu2.1
Release: oracular (24.10)
Level: security
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/

Links


Download "libgs-common"


Other versions of "libgs-common" in Oracular

Repository Area Version
base main 10.03.1~dfsg1-0ubuntu2
updates main 10.03.1~dfsg1-0ubuntu2.1

Changelog

Version: 10.03.1~dfsg1-0ubuntu2.1 2024-11-12 19:07:09 UTC

  ghostscript (10.03.1~dfsg1-0ubuntu2.1) oracular-security; urgency=medium

  * SECURITY UPDATE: incorrect Pattern Implementation type handling
    - debian/patches/CVE-2024-46951.patch: check the type of the Pattern
      Implementation in psi/zcolor.c.
    - CVE-2024-46951
  * SECURITY UPDATE: Buffer overflow in PDF XRef stream
    - debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
      streams in pdf/pdf_xref.c.
    - CVE-2024-46952
  * SECURITY UPDATE: output filename overflow
    - debian/patches/CVE-2024-46953.patch: check for overflow validating
      format string for the output file name in base/gsdevice.c.
    - CVE-2024-46953
  * SECURITY UPDATE: directory escape via overlong encodings
    - debian/patches/CVE-2024-46954.patch: fix decode_utf8 to forbid
      overlong encodings in base/gp_utf8.c.
    - CVE-2024-46954
  * SECURITY UPDATE: Out of bounds read when reading color
    - debian/patches/CVE-2024-46955.patch: check Indexed colour space index
      in psi/zcolor.c.
    - CVE-2024-46955
  * SECURITY UPDATE: incorrect buffer length check
    - debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
    - CVE-2024-46956

 -- Marc Deslauriers <email address hidden> Wed, 06 Nov 2024 11:08:51 -0500

CVE-2024-46951 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead
CVE-2024-46952 An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (rel
CVE-2024-46953 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for th
CVE-2024-46954 An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directo
CVE-2024-46955 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color spa
CVE-2024-46956 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code



About   -   Send Feedback to @ubuntu_updates