English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2017.0430
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2017-0430)
Resumen:The remote host is missing an update for the 'ghostscript' package(s) announced via the MGASA-2017-0430 advisory.
Descripción:Summary:
The remote host is missing an update for the 'ghostscript' package(s) announced via the MGASA-2017-0430 advisory.

Vulnerability Insight:
Multiple use-after-free vulnerabilities in the gx_image_enum_begin
function in base/gxipixel.c in Ghostscript before
ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a crafted PostScript document. (CVE-2017-6196)

Integer overflow in the mark_curve function in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
write and application crash) or possibly have unspecified other impact
via a crafted PostScript document. (CVE-2017-7948)

The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21
allows remote attackers to cause a denial of service (out-of-bounds
read) via a crafted PostScript document. (CVE-2017-8908)

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and
Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get
function in jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.
(CVE-2017-9216)

The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) or possibly have
unspecified other impact via a crafted document. (CVE-2017-9610)

The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript
GhostXPS 9.21 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted document. (CVE-2017-9618)

The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (Segmentation Violation and application crash) via a crafted
file. (CVE-2017-9619)

The xps_select_font_encoding function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document, related to the
xps_encode_font_char_imp function. (CVE-2017-9620)

The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex
Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) or possibly
have unspecified other impact via a crafted document. (CVE-2017-9740)

Affected Software/OS:
'ghostscript' package(s) on Mageia 5, Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-6196
BugTraq ID: 96428
http://www.securityfocus.com/bid/96428
https://security.gentoo.org/glsa/201708-06
http://www.securitytracker.com/id/1037899
Common Vulnerability Exposure (CVE) ID: CVE-2017-7948
https://security.gentoo.org/glsa/201811-12
Common Vulnerability Exposure (CVE) ID: CVE-2017-8908
BugTraq ID: 98427
http://www.securityfocus.com/bid/98427
https://bugs.ghostscript.com/show_bug.cgi?id=697810
Common Vulnerability Exposure (CVE) ID: CVE-2017-9216
BugTraq ID: 98680
http://www.securityfocus.com/bid/98680
https://bugs.ghostscript.com/show_bug.cgi?id=697934
https://lists.debian.org/debian-lts-announce/2021/10/msg00023.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9610
BugTraq ID: 99976
http://www.securityfocus.com/bid/99976
Common Vulnerability Exposure (CVE) ID: CVE-2017-9618
BugTraq ID: 99993
http://www.securityfocus.com/bid/99993
Common Vulnerability Exposure (CVE) ID: CVE-2017-9619
BugTraq ID: 99988
http://www.securityfocus.com/bid/99988
Common Vulnerability Exposure (CVE) ID: CVE-2017-9620
BugTraq ID: 99990
http://www.securityfocus.com/bid/99990
Common Vulnerability Exposure (CVE) ID: CVE-2017-9740
BugTraq ID: 99983
http://www.securityfocus.com/bid/99983
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.