CVE-2016-8602: Incorrect Type Cast
First published: Wed Oct 12 2016(Updated: )
If you call .sethalftone5 with an empty operand stack, ghostscript crashes. This flaw could be exploitable Upstream bug : - <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED WONTFIX - [abrt] ease-0.4-1.fc14: memcpy: Process /usr/bin/ease was killed by signal 11 (SIGSEGV)" href="show_bug.cgi?id=697203">Bug 697203</a> - NULL dereference in .sethalftone5 <a href="http://bugs.ghostscript.com/show_bug.cgi?id=697203">http://bugs.ghostscript.com/show_bug.cgi?id=697203</a> Upstream patch : - <a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED WONTFIX - [abrt] ease-0.4-1.fc14: memcpy: Process /usr/bin/ease was killed by signal 11 (SIGSEGV)" href="show_bug.cgi?id=697203">Bug 697203</a>: check for sufficient params in .sethalftone5 <a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303">http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303</a> Reference : <a href="http://seclists.org/oss-sec/2016/q4/98">http://seclists.org/oss-sec/2016/q4/98</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Ghostscript | <=9.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=697203
- http://bugs.ghostscript.com/show_bug.cgi?id=697203
- http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303
- http://seclists.org/oss-sec/2016/q4/98
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1383941
- https://rhn.redhat.com/errata/RHSA-2017-0014.html
- https://rhn.redhat.com/errata/RHSA-2017-0013.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1383940
- http://rhn.redhat.com/errata/RHSA-2017-0013.html
- http://rhn.redhat.com/errata/RHSA-2017-0014.html
- http://www.debian.org/security/2016/dsa-3691
- http://www.openwall.com/lists/oss-security/2016/10/11/5
- http://www.openwall.com/lists/oss-security/2016/10/11/7
- http://www.securityfocus.com/bid/95311
- https://bugs.ghostscript.com/show_bug.cgi?id=697203
- https://ghostscript.com/doc/9.21/History9.htm
- https://security.gentoo.org/glsa/201702-31
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=f5c7555c303
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-8602
- agent/tags
- agent/trending
- vendor/artifex
- canonical/artifex ghostscript
- version/artifex ghostscript/9.20