Bugzilla – Bug 1050888
VUL-0: CVE-2017-9727: ghostscript, ghostscript-library: heap-based buffer over-read in gx_ttfReader__Read in base/gxttfb.c
Last modified: 2020-06-11 20:31:42 UTC
CVE-2017-9727 The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9727 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-9727.html http://www.cvedetails.com/cve/CVE-2017-9727/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9727 http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b http://bugs.ghostscript.com/show_bug.cgi?id=698056
SUSE-SU-2018:0407-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1032138,1032230,1040643,1050879,1050887,1050888,1050889,1050891,1051184 CVE References: CVE-2016-10219,CVE-2016-10317,CVE-2017-11714,CVE-2017-9216,CVE-2017-9612,CVE-2017-9726,CVE-2017-9727,CVE-2017-9739,CVE-2017-9835 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): ghostscript-9.15-23.7.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12-SP3 (src): ghostscript-9.15-23.7.1 SUSE Linux Enterprise Server 12-SP2 (src): ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12-SP3 (src): ghostscript-9.15-23.7.1 SUSE Linux Enterprise Desktop 12-SP2 (src): ghostscript-9.15-23.7.1
openSUSE-SU-2018:0421-1: An update that fixes 9 vulnerabilities is now available. Category: security (moderate) Bug References: 1032138,1032230,1040643,1050879,1050887,1050888,1050889,1050891,1051184 CVE References: CVE-2016-10219,CVE-2016-10317,CVE-2017-11714,CVE-2017-9216,CVE-2017-9612,CVE-2017-9726,CVE-2017-9727,CVE-2017-9739,CVE-2017-9835 Sources used: openSUSE Leap 42.3 (src): ghostscript-9.15-14.3.1, ghostscript-mini-9.15-14.3.1
SUSE-SU-2018:1140-1: An update that solves 10 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1018128,1030263,1032138,1032230,1040643,1050879,1050887,1050888,1050889,1050891,1051184 CVE References: CVE-2016-10219,CVE-2016-9601,CVE-2017-11714,CVE-2017-7207,CVE-2017-9216,CVE-2017-9612,CVE-2017-9726,CVE-2017-9727,CVE-2017-9739,CVE-2017-9835 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): ghostscript-library-8.62-32.47.7.1 SUSE Linux Enterprise Server 11-SP4 (src): ghostscript-library-8.62-32.47.7.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): ghostscript-library-8.62-32.47.7.1
released