RHEL-18397 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

Resolves: RHEL-18397

ghostscript.spec

@@ -42,7 +42,7 @@
 Name:             ghostscript
 Summary:          Interpreter for PostScript language & PDF
 Version:          9.54.0
-Release:          17%{?dist}
+Release:          18%{?dist}
 
 License:          AGPLv3+
 
@@ -121,6 +121,8 @@ Patch013: gs-CVE-2024-33870.patch
 Patch014: gs-CVE-2024-33869.patch
 # RHEL-44731 CVE-2024-29510 ghostscript: format string injection leads to shell command execution (SAFER bypass)
 Patch015: 0001-Uniprint-device-prevent-string-configuration-changes.patch
+# RHEL-18397 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
+Patch016: gs-cve-2023-46751.patch
 
 # Downstream patches -- these should be always included when doing rebase:
 # ------------------
@@ -454,6 +456,9 @@ done
 # =============================================================================
 
 %changelog
+* Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.54.0-18
+- RHEL-18397 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
+
 * Mon Jul 08 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.54.0-17
 - RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
 - RHEL-44745 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction

gs-cve-2023-46751.patch

@@ -0,0 +1,12 @@
+diff --git a/base/gdevprn.c b/base/gdevprn.c
+index cb3fdf4..cd4ea2b 100644
+--- a/base/gdevprn.c
++++ b/base/gdevprn.c
+@@ -1255,6 +1255,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode,
+               && !IS_LIBCTX_STDERR(pdev->memory, gp_get_file(ppdev->file))) {
+ 
+                 code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
++                ppdev->file = NULL;
+                 if (code < 0)
+                     return code;
+             }