
Test ID: 1.3.6.1.4.1.25623.1.1.10.2017.0430
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2017-0430)
Summary: The remote host is missing an update for the 'ghostscript' package(s) announced via the MGASA-2017-0430 advisory.
Description:
Summary:
The remote host is missing an update for the 'ghostscript' package(s) announced via the MGASA-2017-0430 advisory.

Vulnerability Insight:
Multiple use-after-free vulnerabilities in the gx_image_enum_begin
function in base/gxipixel.c in Ghostscript before
ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a crafted PostScript document. (CVE-2017-6196)

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
write and application crash) or possibly have unspecified other impact
via a crafted PostScript document. (CVE-2017-7948)

The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
read) via a crafted PostScript document. (CVE-2017-8908)

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get
function in jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.
(CVE-2017-9216)

The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) or possibly have
unspecified other impact via a crafted document. (CVE-2017-9610)

The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9618)

The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (Segmentation Violation and application crash) via a crafted
file. (CVE-2017-9619)

The xps_select_font_encoding function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document, related to the
xps_encode_font_char_imp function. (CVE-2017-9620)

The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document. (CVE-2017-9740)

Affected Software/OS:
'ghostscript' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-6196
BugTraq ID: 96428
http://www.securityfocus.com/bid/96428
https://security.gentoo.org/glsa/201708-06
http://www.securitytracker.com/id/1037899
Common Vulnerability Exposure (CVE) ID: CVE-2017-7948
https://security.gentoo.org/glsa/201811-12
Common Vulnerability Exposure (CVE) ID: CVE-2017-8908
BugTraq ID: 98427
http://www.securityfocus.com/bid/98427
https://bugs.ghostscript.com/show_bug.cgi?id=697810
Common Vulnerability Exposure (CVE) ID: CVE-2017-9216
BugTraq ID: 98680
http://www.securityfocus.com/bid/98680
https://bugs.ghostscript.com/show_bug.cgi?id=697934
https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9610
BugTraq ID: 99976
http://www.securityfocus.com/bid/99976
Common Vulnerability Exposure (CVE) ID: CVE-2017-9618
BugTraq ID: 99993
http://www.securityfocus.com/bid/99993
Common Vulnerability Exposure (CVE) ID: CVE-2017-9619
BugTraq ID: 99988
http://www.securityfocus.com/bid/99988
Common Vulnerability Exposure (CVE) ID: CVE-2017-9620
BugTraq ID: 99990
http://www.securityfocus.com/bid/99990
Common Vulnerability Exposure (CVE) ID: CVE-2017-9740
BugTraq ID: 99983
http://www.securityfocus.com/bid/99983
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.