{"affected":[{"ecosystem_specific":{"binaries":[{"ghostscript-devel":"8.62-32.47.7.1","ghostscript-ijs-devel":"8.62-32.47.7.1","libgimpprint-devel":"4.2.7-32.47.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"ghostscript-library","purl":"pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.62-32.47.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript-fonts-other":"8.62-32.47.7.1","ghostscript-fonts-rus":"8.62-32.47.7.1","ghostscript-fonts-std":"8.62-32.47.7.1","ghostscript-library":"8.62-32.47.7.1","ghostscript-omni":"8.62-32.47.7.1","ghostscript-x11":"8.62-32.47.7.1","libgimpprint":"4.2.7-32.47.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"ghostscript-library","purl":"pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.62-32.47.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ghostscript-fonts-other":"8.62-32.47.7.1","ghostscript-fonts-rus":"8.62-32.47.7.1","ghostscript-fonts-std":"8.62-32.47.7.1","ghostscript-library":"8.62-32.47.7.1","ghostscript-omni":"8.62-32.47.7.1","ghostscript-x11":"8.62-32.47.7.1","libgimpprint":"4.2.7-32.47.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"ghostscript-library","purl":"pkg:rpm/suse/ghostscript-library&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.62-32.47.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ghostscript-library fixes several issues.\n \nThese security issues were fixed:\n\n- CVE-2017-7207: The mem_get_bits_rectangle function allowed remote attackers\n  to cause a denial of service (NULL pointer dereference) via a crafted\n  PostScript document (bsc#1030263).\n- CVE-2016-9601: Prevent heap-buffer overflow by checking for an integer\n  overflow in jbig2_image_new function (bsc#1018128).\n- CVE-2017-9612: The Ins_IP function in base/ttinterp.c allowed remote\n  attackers to cause a denial of service (use-after-free and application crash)\n  or possibly have unspecified other impact via a crafted document (bsc#1050891)\n- CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allowed remote\n  attackers to cause a denial of service (heap-based buffer over-read and\n  application crash) or possibly have unspecified other impact via a crafted\n  document (bsc#1050889)\n- CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allowed\n  remote attackers to cause a denial of service (heap-based buffer over-read and\n  application crash) or possibly have unspecified other impact via a crafted\n  document (bsc#1050888)\n- CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allowed remote\n  attackers to cause a denial of service (heap-based buffer over-read and\n  application crash) or possibly have unspecified other impact via a crafted\n  document (bsc#1050887)\n- CVE-2017-11714: psi/ztoken.c mishandled references to the scanner state\n  structure, which allowed remote attackers to cause a denial of service\n  (application crash) or possibly have unspecified other impact via a crafted\n  PostScript document, related to an out-of-bounds read in the\n  igc_reloc_struct_ptr function in psi/igc.c (bsc#1051184)\n- CVE-2017-9835: The gs_alloc_ref_array function allowed remote attackers to\n  cause a denial of service (heap-based buffer overflow and application crash) or\n  possibly have unspecified other impact via a crafted PostScript document\n  (bsc#1050879)\n- CVE-2016-10219: The intersect function in base/gxfill.c allowed remote\n  attackers to cause a denial of service (divide-by-zero error and application\n  crash) via a crafted file (bsc#1032138)\n- CVE-2017-9216: Prevent NULL pointer dereference in the jbig2_huffman_get\n  function in jbig2_huffman.c which allowed for DoS (bsc#1040643)\n","id":"SUSE-SU-2018:1140-1","modified":"2018-05-03T09:18:19Z","published":"2018-05-03T09:18:19Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181140-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1018128"},{"type":"REPORT","url":"https://bugzilla.suse.com/1030263"},{"type":"REPORT","url":"https://bugzilla.suse.com/1032138"},{"type":"REPORT","url":"https://bugzilla.suse.com/1032230"},{"type":"REPORT","url":"https://bugzilla.suse.com/1040643"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050879"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050887"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050888"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050889"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050891"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051184"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10219"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9601"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11714"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7207"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9216"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9612"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9726"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9727"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9739"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9835"}],"related":["CVE-2016-10219","CVE-2016-9601","CVE-2017-11714","CVE-2017-7207","CVE-2017-9216","CVE-2017-9612","CVE-2017-9726","CVE-2017-9727","CVE-2017-9739","CVE-2017-9835"],"summary":"Security update for ghostscript-library","upstream":["CVE-2016-10219","CVE-2016-9601","CVE-2017-11714","CVE-2017-7207","CVE-2017-9216","CVE-2017-9612","CVE-2017-9726","CVE-2017-9727","CVE-2017-9739","CVE-2017-9835"]}