ghostscript: CVE-2016-8602, CVE-2017-7975 - linux/poky.git

diff options

author	Catalin Enache <catalin.enache@windriver.com>	2017-05-08 16:42:59 +0300
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-06-05 23:30:21 +0100
commit	31e9be198160dbeb3d6ab10a3324457f9e502537 (patch)
tree	796fc57a809ad78d0c86d69512edee6b8b491180 /meta/recipes-extended/bc/bc_1.06.bb
parent	829e2027b6c7f4f2d6fa03e158bfe371b7848919 (diff)
download	poky-31e9be198160dbeb3d6ab10a3324457f9e502537.tar.gz

ghostscript: CVE-2016-8602, CVE-2017-7975

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. References: https://nvd.nist.gov/vuln/detail/CVE-2016-8602 https://nvd.nist.gov/vuln/detail/CVE-2017-7975 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298 (From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6) (From OE-Core rev: 6040b8735b79397bf49a2154f81e9aab34c15413) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/bc/bc_1.06.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: