RHEL-67046 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space

Resolves: RHEL-67046
2025-04-16 13:12:01 +02:00 · 2025-04-16 13:12:01 +02:00 · df75ada1e2
commit df75ada1e2
parent a75a7462a4
2 changed files with 34 additions and 0 deletions
--- a/0001-PS-interpreter-check-the-type-of-the-Pattern-Impleme.patch
+++ b/0001-PS-interpreter-check-the-type-of-the-Pattern-Impleme.patch
@ -0,0 +1,31 @@
+From f49812186baa7d1362880673408a6fbe8719b4f8 Mon Sep 17 00:00:00 2001
+From: Zdenek Hutyra <zhutyra@centrum.cz>
+Date: Fri, 30 Aug 2024 13:16:39 +0100
+Subject: [PATCH] PS interpreter - check the type of the Pattern Implementation
+
+Bug #707991
+
+See bug report for details.
+
+CVE-2024-46951
+---
+ psi/zcolor.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/psi/zcolor.c b/psi/zcolor.c
+index d4e7a4438..d3384d75d 100644
+--- a/psi/zcolor.c
+++ b/psi/zcolor.c
+@@ -5276,6 +5276,9 @@ static int patterncomponent(i_ctx_t * i_ctx_p, ref *space, int *n)
+             code = array_get(imemory, pImpl, 0, &pPatInst);
+             if (code < 0)
+                 return code;
+
+            if (!r_is_struct(&pPatInst) || (!r_has_stype(&pPatInst, imemory, st_pattern1_instance) && !r_has_stype(&pPatInst, imemory, st_pattern2_instance)))
+                return_error(gs_error_typecheck);
+             cc.pattern = r_ptr(&pPatInst, gs_pattern_instance_t);
+             if (pattern_instance_uses_base_space(cc.pattern))
+                 *n = n_comps;
+-- 
+2.49.0
+
--- a/ghostscript.spec
+++ b/ghostscript.spec
@ -133,6 +133,8 @@ Patch027: 0001-Bug-701949-Add-omitEOD-flag-to-RLE-compressor-and-us.patch
 # RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
 # partially taken from https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=dcdbc595c13c9
 Patch028: gs-CVE-2023-46751.patch
+# RHEL-67046 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
+Patch029: 0001-PS-interpreter-check-the-type-of-the-Pattern-Impleme.patch


 # Downstream patches -- these should be always included when doing rebase:
@ -475,6 +477,7 @@ done
 %changelog
 * Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-16
 - RHEL-18396 CVE-2023-46751 ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
+- RHEL-67046 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space

 * Mon Oct 14 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-15
 - fix printing PCL XL on some printers