QID 671112

The ghostscript suite contains utilities for rendering postscript and pdf documents.
Ghostscript translates postscript code to common bitmap formats so that the code can be displayed or printed.
This is related to a lack of an integer overflow check in base/gsalloc.c.(cve-2017-9835) the pdf14_pop_transparency_group function in base/gdevp14.c in the pdf transparency module in artifex software, inc. ghostscript 9.20 allows remote attackers to cause a denial of service (null pointer dereference and application crash) via a crafted file.(cve-2016-10218) the fill_threshhold_buffer function in base/gxht_thresh.c in artifex software, inc. ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted postscript document.(cve-2016-10317) the pdf14_open function in base/gdevp14.c in artifex software, inc. ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module.(cve-2016-10217) the intersect function in base/gxfill.c in artifex software, inc. ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.(cve-2016-10219) the mem_get_bits_rectangle function in base/gdevmem.c in artifex software, inc. ghostscript 9.20 allows remote attackers to cause a denial of service (null pointer dereference and application crash) via a crafted file.(cve-2017-5951)

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

An arbitrary attacker may exploit this vulnerability to compromise the system.