An update for ghostscript is now available for openEuler-20.03-LTS-SP4
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1463
Final
1.0
1.0
2024-04-19
Initial
2024-04-19
2024-04-19
openEuler SA Tool V1.0
2024-04-19
ghostscript security update
An update for ghostscript is now available for openEuler-20.03-LTS-SP4.
Ghostscript is an interpreter for PostScriptâ„¢ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library.
Security Fix(es):
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).(CVE-2020-36773)
An update for ghostscript is now available for openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Critical
ghostscript
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1463
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-36773
https://nvd.nist.gov/vuln/detail/CVE-2020-36773
openEuler-20.03-LTS-SP4
ghostscript-tools-dvipdf-9.52-13.oe2003sp4.aarch64.rpm
ghostscript-debuginfo-9.52-13.oe2003sp4.aarch64.rpm
ghostscript-9.52-13.oe2003sp4.aarch64.rpm
ghostscript-devel-9.52-13.oe2003sp4.aarch64.rpm
ghostscript-debugsource-9.52-13.oe2003sp4.aarch64.rpm
ghostscript-help-9.52-13.oe2003sp4.noarch.rpm
ghostscript-9.52-13.oe2003sp4.src.rpm
ghostscript-debuginfo-9.52-13.oe2003sp4.x86_64.rpm
ghostscript-devel-9.52-13.oe2003sp4.x86_64.rpm
ghostscript-tools-dvipdf-9.52-13.oe2003sp4.x86_64.rpm
ghostscript-9.52-13.oe2003sp4.x86_64.rpm
ghostscript-debugsource-9.52-13.oe2003sp4.x86_64.rpm
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).
2024-04-19
CVE-2020-36773
openEuler-20.03-LTS-SP4
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghostscript security update
2024-04-19
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1463