ghostscript-10.04.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14423-1 Final 1 1 2024-10-23T00:00:00Z current 2024-10-23T00:00:00Z 2024-10-23T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ghostscript-10.04.0-1.1 on GA media These are all security issues fixed in the ghostscript-10.04.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14423 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-46951/ SUSE CVE CVE-2024-46951 page https://www.suse.com/security/cve/CVE-2024-46952/ SUSE CVE CVE-2024-46952 page https://www.suse.com/security/cve/CVE-2024-46953/ SUSE CVE CVE-2024-46953 page https://www.suse.com/security/cve/CVE-2024-46954/ SUSE CVE CVE-2024-46954 page https://www.suse.com/security/cve/CVE-2024-46955/ SUSE CVE CVE-2024-46955 page https://www.suse.com/security/cve/CVE-2024-46956/ SUSE CVE CVE-2024-46956 page openSUSE Tumbleweed ghostscript-10.04.0-1.1 ghostscript-devel-10.04.0-1.1 ghostscript-x11-10.04.0-1.1 ghostscript-10.04.0-1.1 as a component of openSUSE Tumbleweed ghostscript-devel-10.04.0-1.1 as a component of openSUSE Tumbleweed ghostscript-x11-10.04.0-1.1 as a component of openSUSE Tumbleweed An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. CVE-2024-46951 openSUSE Tumbleweed:ghostscript-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-devel-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-x11-10.04.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-46951.html CVE-2024-46951 https://bugzilla.suse.com/1232173 SUSE Bug 1232173 https://bugzilla.suse.com/1232265 SUSE Bug 1232265 An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values). CVE-2024-46952 openSUSE Tumbleweed:ghostscript-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-devel-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-x11-10.04.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-46952.html CVE-2024-46952 https://bugzilla.suse.com/1232173 SUSE Bug 1232173 https://bugzilla.suse.com/1232266 SUSE Bug 1232266 An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. CVE-2024-46953 openSUSE Tumbleweed:ghostscript-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-devel-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-x11-10.04.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-46953.html CVE-2024-46953 https://bugzilla.suse.com/1232173 SUSE Bug 1232173 https://bugzilla.suse.com/1232267 SUSE Bug 1232267 An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. CVE-2024-46954 openSUSE Tumbleweed:ghostscript-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-devel-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-x11-10.04.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-46954.html CVE-2024-46954 https://bugzilla.suse.com/1232173 SUSE Bug 1232173 https://bugzilla.suse.com/1232268 SUSE Bug 1232268 An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. CVE-2024-46955 openSUSE Tumbleweed:ghostscript-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-devel-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-x11-10.04.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-46955.html CVE-2024-46955 https://bugzilla.suse.com/1232173 SUSE Bug 1232173 https://bugzilla.suse.com/1232269 SUSE Bug 1232269 An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. CVE-2024-46956 openSUSE Tumbleweed:ghostscript-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-devel-10.04.0-1.1 openSUSE Tumbleweed:ghostscript-x11-10.04.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-46956.html CVE-2024-46956 https://bugzilla.suse.com/1232173 SUSE Bug 1232173 https://bugzilla.suse.com/1232270 SUSE Bug 1232270