Package "libgs-common"
Name: libgs-common
Description: interpreter for the PostScript language and for PDF - ICC profiles
Latest version: 10.03.1~dfsg1-0ubuntu2.1
Release: oracular (24.10)
Level: updates
Repository: main
Head package: ghostscript
Homepage: https://www.ghostscript.com/
Changelog
ghostscript (10.03.1~dfsg1-0ubuntu2.1) oracular-security; urgency=medium

  * SECURITY UPDATE: incorrect Pattern Implementation type handling
    - debian/patches/CVE-2024-46951.patch: check the type of the Pattern
      Implementation in psi/zcolor.c.
    - CVE-2024-46951
  * SECURITY UPDATE: Buffer overflow in PDF XRef stream
    - debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
      streams in pdf/pdf_xref.c.
    - CVE-2024-46952
  * SECURITY UPDATE: output filename overflow
    - debian/patches/CVE-2024-46953.patch: check for overflow validating
      format string for the output file name in base/gsdevice.c.
    - CVE-2024-46953
  * SECURITY UPDATE: directory escape via overlong encodings
    - debian/patches/CVE-2024-46954.patch: fix decode_utf8 to forbid
      overlong encodings in base/gp_utf8.c.
    - CVE-2024-46954
  * SECURITY UPDATE: Out of bounds read when reading color
    - debian/patches/CVE-2024-46955.patch: check Indexed colour space index
      in psi/zcolor.c.
    - CVE-2024-46955
  * SECURITY UPDATE: incorrect buffer length check
    - debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
    - CVE-2024-46956

 -- Marc Deslauriers <email address hidden>  Wed, 06 Nov 2024 11:08:51 -0500

CVE-2024-46951
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead

CVE-2024-46952
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (rel

CVE-2024-46953
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for th

CVE-2024-46954
An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directo

CVE-2024-46955
An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color spa

CVE-2024-46956
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code