Bug 1032114 - (CVE-2017-5951) VUL-1: CVE-2017-5951: ghostscript,ghostscript-library: The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 all...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/182788/
CVSSv2:SUSE:CVE-2017-5951:1.9:(AV:L/...
Reported: 2017-04-03 14:32 UTC by Marcus Meissner
Modified: 2020-06-11 20:31 UTC

Found By: Security Response Team

Attachments
null_ptr_ref_stack_index (38 bytes, application/octet-stream)
2017-04-03 14:33 UTC, Marcus Meissner

Description Marcus Meissner 2017-04-03 14:32:50 UTC
CVE-2017-5951

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5951
https://bugs.ghostscript.com/show_bug.cgi?id=697548
Comment 1 Marcus Meissner 2017-04-03 14:33:41 UTC
Created attachment 719653
null_ptr_ref_stack_index

QA REPRODUCER:

gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER null_ptr_ref_stack_index -c quit


GPL Ghostscript 9.15 (2014-09-22)
Copyright (C) 2014 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Can't find (or can't open) font file /usr/share/ghostscript/9.15/Resource/Font/--nostringval--.
Can't find font with non-string name: --nostringval--.
Querying operating system for font files...
Can't find (or can't open) font file /usr/share/ghostscript/9.15/Resource/Font/--nostringval--.
Can't find font with non-string name: --nostringval--.
Didn't find this font on the system!
Substituting font Courier for --nostringval--.
Loading NimbusMonL-Regu font from /usr/share/ghostscript/9.15/Resource/Font/NimbusMonL-Regu... 4341344 2764171 10483080 8931809 1 done.
Speicherzugriffsfehler


should not segfault
Comment 2 Vítězslav Čížek 2017-04-28 08:39:25 UTC
Fix is available at http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ec
Comment 4 Swamp Workflow Management 2017-04-28 22:09:28 UTC
SUSE-SU-2017:1138-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1018128,1030263,1032114,1032120,1036453
CVE References: CVE-2016-10220,CVE-2016-9601,CVE-2017-5951,CVE-2017-7207,CVE-2017-8291
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Server 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Server 12-SP1 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ghostscript-9.15-20.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ghostscript-9.15-20.1
Comment 5 Swamp Workflow Management 2017-05-08 16:16:11 UTC
openSUSE-SU-2017:1203-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1018128,1030263,1032114,1032120,1036453
CVE References: CVE-2016-10220,CVE-2016-9601,CVE-2017-5951,CVE-2017-7207,CVE-2017-8291
Sources used:
openSUSE Leap 42.2 (src):    ghostscript-9.15-11.3.1, ghostscript-mini-9.15-11.3.1
openSUSE Leap 42.1 (src):    ghostscript-9.15-17.1, ghostscript-mini-9.15-17.1
Comment 6 Swamp Workflow Management 2017-05-24 19:13:55 UTC
SUSE-SU-2017:1404-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1018128,1030263,1032114,1032120,1036453
CVE References: CVE-2016-10220,CVE-2016-9601,CVE-2017-5951,CVE-2017-7207,CVE-2017-8291
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server for SAP 12 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server 12-SP1 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Server 12-LTSS (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    ghostscript-9.15-22.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    ghostscript-9.15-22.1
Comment 7 Daniel Molkentin 2017-06-06 08:58:30 UTC
Fix is in SLE12 and Factory. Reassigning to Security Team for final triaging.
Comment 8 Marcus Meissner 2018-02-12 21:07:07 UTC
released
Comment 9 Marcus Meissner 2018-04-26 15:06:54 UTC
SLE11 is also affected, please submit.
Comment 14 Marcus Meissner 2020-01-27 15:40:56 UTC
released