rpms/ghostscript
6
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL-67051 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution

Browse Source 
Resolves: RHEL-67051
This commit is contained in:
Zdenek Dohnal 2025-04-16 13:34:15 +02:00
parent c5885230e3
commit f4ce8e24f1
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
0001-PostScript-interpreter-fix-buffer-length-check.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/psi/zfile.c b/psi/zfile.c
index 05b8203..ee40a75 100644
--- a/psi/zfile.c
+++ b/psi/zfile.c
@@ -437,7 +437,7 @@ file_continue(i_ctx_t *i_ctx_p)
if (code == ~(uint) 0) { /* all done */
esp -= 5; /* pop proc, pfen, devlen, iodev , mark */
return o_pop_estack;
- } else if (code > len) { /* overran string */
+ } else if (code > len - devlen) { /* overran string */
return_error(gs_error_rangecheck);
}
else if (iodev != iodev_default(imemory)

4
ghostscript.spec
View File

@ -147,6 +147,9 @@ Patch032: 0001-Bug-707788-Fix-decode_utf8-to-forbid-overlong-encodi.patch
# RHEL-67051 CVE-2024-46953 ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec
Patch033: 0001-Bug-707793-Check-for-overflow-validating-format-stri.patch
# RHEL-67051 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
# https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3
Patch034: 0001-PostScript-interpreter-fix-buffer-length-check.patch
# Downstream patches -- these should be always included when doing rebase:
@ -493,6 +496,7 @@ done
- RHEL-15067 CVE-2020-27792 ghostscript: heap buffer over write vulnerability in GhostScript's lp8000_print_page() in gdevlp8k.c
- RHEL-67051 CVE-2024-46954 ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
- RHEL-67051 CVE-2024-46953 ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
- RHEL-67051 CVE-2024-46956 ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution
* Mon Oct 14 2024 Zdenek Dohnal <zdohnal@redhat.com> - 9.27-15
- fix printing PCL XL on some printers