diff options
| author | Catalin Enache <catalin.enache@windriver.com> | 2017-04-21 15:04:17 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-29 11:17:23 +0100 |
| commit | 5970acb3fe28d4af59834b5cacb2d8d4d3511506 (patch) | |
| tree | 0c53e13118b56cf279e4037459e6a9d581948187 /meta/recipes-bsp | |
| parent | 8913e94511812c44a9847bb9ea17af2469923187 (diff) | |
| download | poky-5970acb3fe28d4af59834b5cacb2d8d4d3511506.tar.gz | |
ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript
9.20 allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted file.
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file that is
mishandled in the PDF Transparency module.
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
(From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-bsp')
0 files changed, 0 insertions, 0 deletions