rpms/ghostscript
6
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL-67044 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space

Browse Source 
Resolves: RHEL-67044
This commit is contained in:
Zdenek Dohnal 2025-04-16 12:47:22 +02:00
parent a45295160f
commit e184197e52
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
0001-PS-interpreter-check-the-type-of-the-Pattern-Impleme.patch Normal file
View File

@ -0,0 +1,31 @@
From f49812186baa7d1362880673408a6fbe8719b4f8 Mon Sep 17 00:00:00 2001
From: Zdenek Hutyra <zhutyra@centrum.cz>
Date: Fri, 30 Aug 2024 13:16:39 +0100
Subject: [PATCH] PS interpreter - check the type of the Pattern Implementation
Bug #707991
See bug report for details.
CVE-2024-46951
---
psi/zcolor.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/psi/zcolor.c b/psi/zcolor.c
index d4e7a4438..d3384d75d 100644
--- a/psi/zcolor.c
+++ b/psi/zcolor.c
@@ -5276,6 +5276,9 @@ static int patterncomponent(i_ctx_t * i_ctx_p, ref *space, int *n)
code = array_get(imemory, pImpl, 0, &pPatInst);
if (code < 0)
return code;
+
+ if (!r_is_struct(&pPatInst) || (!r_has_stype(&pPatInst, imemory, st_pattern1_instance) && !r_has_stype(&pPatInst, imemory, st_pattern2_instance)))
+ return_error(gs_error_typecheck);
cc.pattern = r_ptr(&pPatInst, gs_pattern_instance_t);
if (pattern_instance_uses_base_space(cc.pattern))
*n = n_comps;
--
2.49.0

7
ghostscript.spec
View File

@ -45,7 +45,7 @@
Name: ghostscript Name: ghostscript
Summary: Interpreter for PostScript language & PDF Summary: Interpreter for PostScript language & PDF
Version: 10.02.1 Version: 10.02.1
Release: 14%{?dist} Release: 15%{?dist}
License: AGPL-3.0-or-later License: AGPL-3.0-or-later
@ -129,6 +129,8 @@ Patch: 0001-Bug-707510-don-t-allow-PDF-files-with-bad-Filters-to.patch
Patch: 0001-Uniprint-device-prevent-string-configuration-changes.patch Patch: 0001-Uniprint-device-prevent-string-configuration-changes.patch
# RHEL-46575 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction # RHEL-46575 CVE-2024-33869 ghostscript: path traversal and command execution due to path reduction
Patch: 0001-Bug-707691.patch Patch: 0001-Bug-707691.patch
# RHEL-67044 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
Patch: 0001-PS-interpreter-check-the-type-of-the-Pattern-Impleme.patch
# Downstream patches -- these should be always included when doing rebase: # Downstream patches -- these should be always included when doing rebase:
# ------------------ # ------------------
@ -445,6 +447,9 @@ done
# ============================================================================= # =============================================================================
%changelog %changelog
* Tue Apr 15 2025 Zdenek Dohnal <zdohnal@redhat.com> - 10.02.1-15
- RHEL-67044 CVE-2024-46951 ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 10.02.1-14 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 10.02.1-14
- Bump release for October 2024 mass rebuild: - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 Resolves: RHEL-64018