rpms/ghostscript
6
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL-67053 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution

Browse Source 
Resolves: RHEL-67053
This commit is contained in:
Zdenek Dohnal 2025-04-16 12:37:03 +02:00
parent dc9023cd29
commit bb9248dc58
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
0001-PostScript-interpreter-fix-buffer-length-check.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/psi/zfile.c b/psi/zfile.c
index 05b8203..ee40a75 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -437,7 +437,7 @@ file_continue(i_ctx_t *i_ctx_p)
if (code == ~(uint) 0) { /* all done */
esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
return o_pop_estack;
- } else if (code > len) { /* overran string */
+ } else if (code > len - devlen) { /* overran string */
return_error(gs_error_rangecheck);
}
else if (iodev != iodev_default(imemory)

4
ghostscript.spec
View File

@ -135,6 +135,9 @@ Patch019: 0001-Bug-707788-Fix-decode_utf8-to-forbid-overlong-encodi.patch
# RHEL-67053 CVE-2024-46953 ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec
Patch020: 0001-Bug-707793-Check-for-overflow-validating-format-stri.patch
# RHEL-67053 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3
Patch021: 0001-PostScript-interpreter-fix-buffer-length-check.patch
# Downstream patches -- these should be always included when doing rebase:
# ------------------
@ -473,6 +476,7 @@ done
- RHEL-67048 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
- RHEL-67053 CVE-2024-46954 ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
- RHEL-67053 CVE-2024-46953 ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
- RHEL-67053 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
* Mon Jul 08 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.54.0-17
- RHEL-44759 CVE-2024-33870 ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths