RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()

Resolves: RHEL-18396

ghostscript.spec

@@ -37,7 +37,7 @@
 Name:             ghostscript
 Summary:          Interpreter for PostScript language & PDF
 Version:          9.27
-Release:          15%{?dist}
+Release:          16%{?dist}
 
 License:          AGPLv3+
 
@@ -130,6 +130,9 @@ Patch024: gs-cve-2024-33871.patch
 Patch025: 0001-Bug-701568-Fix-gdevpx.c-RLE-stream-handling.patch
 Patch026: 0001-Bug-701568-followup-Fix-RLE-compressor.patch
 Patch027: 0001-Bug-701949-Add-omitEOD-flag-to-RLE-compressor-and-us.patch
+# RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
+# partially taken from https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=dcdbc595c13c9
+Patch028: gs-CVE-2023-46751.patch
 
 
 # Downstream patches -- these should be always included when doing rebase:
@@ -470,6 +473,9 @@ done
 # =============================================================================
 
 %changelog
+* Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-16
+- RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
+
 * Mon Oct 14 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-15
 - fix printing PCL XL on some printers
 

gs-CVE-2023-46751.patch

@@ -0,0 +1,12 @@
+diff --git a/base/gdevprn.c b/base/gdevprn.c
+index 459846a..84802d9 100644
+--- a/base/gdevprn.c
++++ b/base/gdevprn.c
+@@ -1331,6 +1331,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode,
+               && !IS_LIBCTX_STDERR(pdev->memory ,ppdev->file)) {
+ 
+                 code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
++                ppdev->file = NULL;
+                 if (code < 0)
+                     return code;
+             }