QID 239294
Date Published: 2021-05-20
QID 239294: Red Hat Update for ghostscript (RHSA-2021:1852)
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)
Security Fix(es):
- ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)
- ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)
- ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)
- ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)
- ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)
- ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)
- ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)
- ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)
- ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)
- ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)
- ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)
- ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)
- ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)
- ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)
- ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)
- ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)
- ghostscript: use-after-free in xps_fi
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
On successful exploitation, it could allow an attacker to execute code.
Refer to Red Hat security advisory RHSA-2021:1852 to address this issue and obtain more information.
- RHSA-2021:1852 - access.redhat.com/errata/RHSA-2021:1852?language=en
CVEs related to QID 239294
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:1852 | Red Hat Enterprise Linux | | |