Bug 1175719 - (CVE-2020-16287) VUL-0: ghostscript: multiple vulnerabilities in 9.50
(CVE-2020-16287)
VUL-0: ghostscript: multiple vulnerabilities in 9.50
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Johannes Meixner
Security Team bot
https://smash.suse.de/issue/265187/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-08-25 11:42 UTC by Robert Frohl
Modified: 2020-11-14 07:47 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Frohl 2020-08-25 11:42:30 UTC
fixed in 9.51:
CVE-2020-17538: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS via a crafted PDF file
CVE-2020-16310: division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c could result in a DoS via a crafted PDF file
CVE-2020-16309: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS via a crafted PDF file
CVE-2020-16308: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS via a crafted PDF file
CVE-2020-16307: A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS via a crafted postscript file
CVE-2020-16306: A null pointer dereference vulnerability in devices/gdevtsep.c could result in a DoS via a crafted postscript file
CVE-2020-16305: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS via a crafted PDF file
CVE-2020-16304: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS via a crafted PDF file
CVE-2020-16303: use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation via a crafted PDF file
CVE-2020-16302: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation via a crafted PDF file
CVE-2020-16301: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS via a crafted PDF file
CVE-2020-16300: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS via a crafted PDF file
CVE-2020-16299: division by zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS via a crafted PDF file
CVE-2020-16298: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS via a crafted PDF file
CVE-2020-16297: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS via a crafted PDF file
CVE-2020-16296: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS via a crafted PDF file
CVE-2020-16295: A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c could result in a DoS via a crafted PDF file
CVE-2020-16294: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS via a crafted PDF file
CVE-2020-16293: A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS via a crafted PDF file
CVE-2020-16292: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS via a crafted PDF file
CVE-2020-16291: buffer overflow in contrib/gdevdj9.c could result in a DoS via a crafted PDF file
CVE-2020-16290: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS via a crafted PDF file
CVE-2020-16289: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS via a crafted PDF file
CVE-2020-16288: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS via a crafted PDF file
CVE-2020-16287: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS via a crafted PDF file
Comment 1 Robert Frohl 2020-08-25 11:43:11 UTC
we already released the fixed version, but the CVEs are missing from the changes file