From a75a7462a473f2826db07ec083a07782e434f628 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Wed, 16 Apr 2025 13:08:54 +0200
Subject: [PATCH] RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in
 gdev_prn_open_printer_seekable()

Resolves: RHEL-18396
---
 ghostscript.spec        |  8 +++++++-
 gs-CVE-2023-46751.patch | 12 ++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 gs-CVE-2023-46751.patch

diff --git a/ghostscript.spec b/ghostscript.spec
index dcf52c8..9c395c3 100644
--- a/ghostscript.spec
+++ b/ghostscript.spec
@@ -37,7 +37,7 @@
 Name:             ghostscript
 Summary:          Interpreter for PostScript language & PDF
 Version:          9.27
-Release:          15%{?dist}
+Release:          16%{?dist}
 
 License:          AGPLv3+
 
@@ -130,6 +130,9 @@ Patch024: gs-cve-2024-33871.patch
 Patch025: 0001-Bug-701568-Fix-gdevpx.c-RLE-stream-handling.patch
 Patch026: 0001-Bug-701568-followup-Fix-RLE-compressor.patch
 Patch027: 0001-Bug-701949-Add-omitEOD-flag-to-RLE-compressor-and-us.patch
+# RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
+# partially taken from https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=dcdbc595c13c9
+Patch028: gs-CVE-2023-46751.patch
 
 
 # Downstream patches -- these should be always included when doing rebase:
@@ -470,6 +473,9 @@ done
 # =============================================================================
 
 %changelog
+* Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-16
+- RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
+
 * Mon Oct 14 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-15
 - fix printing PCL XL on some printers
 
diff --git a/gs-CVE-2023-46751.patch b/gs-CVE-2023-46751.patch
new file mode 100644
index 0000000..0c8c6c8
--- /dev/null
+++ b/gs-CVE-2023-46751.patch
@@ -0,0 +1,12 @@
+diff --git a/base/gdevprn.c b/base/gdevprn.c
+index 459846a..84802d9 100644
+--- a/base/gdevprn.c
++++ b/base/gdevprn.c
+@@ -1331,6 +1331,7 @@ gdev_prn_open_printer_seekable(gx_device *pdev, bool binary_mode,
+               && !IS_LIBCTX_STDERR(pdev->memory ,ppdev->file)) {
+ 
+                 code = gx_device_close_output_file(pdev, ppdev->fname, ppdev->file);
++                ppdev->file = NULL;
+                 if (code < 0)
+                     return code;
+             }