CVE-2017-9835
https://notcve.org/view.php?id=CVE-2017-9835
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. La función gs_alloc_ref_array en psi/ialloc.c en Artifex Ghostscript versión 9.21 permite a los atacantes remotos causar una denegación de servicio (DoS) (desbordamiento de búfer en la región heap de la memoria y bloqueo de la aplicación) o posiblemente tener otro impacto no especificado por medio de un documento PostScript creado. Esto está relacionado con la falta de una comprobación de desbordamiento de enteros en base/gsalloc.c. • http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=cfde94be1d4286bc47633c6e6eaf4e659bd78066 http://www.debian.org/security/2017/dsa-3986 http://www.securityfocus.com/bid/99991 https://bugs.ghostscript.com/show_bug.cgi?id=697985 https://security.gentoo.org/glsa/201811-12 • CWE-190: Integer Overflow or Wraparound •
CVE-2017-8908
https://notcve.org/view.php?id=CVE-2017-8908
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. La función mark_line_tr en gxscanc.c de Artifex Ghostscript 9.21 permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) a través de un documento PostScript manipulado. • http://www.securityfocus.com/bid/98427 https://bugs.ghostscript.com/show_bug.cgi?id=697810 • CWE-125: Out-of-bounds Read •
CVE-2017-8291 – Artifex Ghostscript Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-8291
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. Artifex Ghostscript permite sobrepasar -dSAFER y la ejecución de comandos remotos a través de una vulnerabilidad de type confusion en .rsdparams con una subcadena "/ OutputFile (% pipe%" en un documento .eps que se utilice como entrada al gs. It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. • https://www.exploit-db.com/exploits/41955 http://openwall.com/lists/oss-security/2017/04/28/2 http://www.debian.org/security/2017/dsa-3838 http://www.securityfocus.com/bid/98476 https://access.redhat.com/errata/RHSA-2017:1230 https://bugs.ghostscript.com/show_bug.cgi?id=697808 https://bugzilla.redhat.com/show_bug.cgi?id=1446063 https://bugzilla.suse.com/show_bug.cgi?id=1036453 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=04b37bbce174eed24edec7ad5b920eb93db4d47d • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2017-7948
https://notcve.org/view.php?id=CVE-2017-7948
Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. Desbordamiento de entero en la función mark_curve en Artifex Ghostscript 9.21 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída de aplicación) o posiblemente tener otro impacto no especificado a través de un documento PostScript manipulado. • http://git.ghostscript.com/?p=ghostpdl.git%3Bh=8210a2864372723b49c526e2b102fdc00c9c4699 https://bugs.ghostscript.com/show_bug.cgi?id=697762 https://security.gentoo.org/glsa/201811-12 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-10317
https://notcve.org/view.php?id=CVE-2016-10317
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. La función fill_threshhold_buffer en base/gxht_thresh.c en Artifex Software, Inc. Ghostscript 9.20 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un documento PostScript manipulado. • http://www.securityfocus.com/bid/97410 https://bugs.ghostscript.com/show_bug.cgi?id=697459 https://usn.ubuntu.com/3636-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •