]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 42859fe) | patch
ghostscript: fix CVE-2023-38559
authorArchana Polampalli <archana.polampalli@windriver.com>
Thu, 10 Aug 2023 10:23:53 +0000 (10:23 +0000)
committerSteve Sakoman <steve@sakoman.com>
Thu, 10 Aug 2023 17:12:18 +0000 (07:12 -1000)
commite77c0b35969ae690b390ffae682fd6552ff8aff8
tree6d32ec08ad1f66fc99eb6dfaa4950f3a5a1c9eaatree | snapshot
parent42859fe600e5dddba3c51fa8d1e680721b73e5dccommit | diff
ghostscript: fix CVE-2023-38559

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle()
in ghostscript. This issue may allow a local attacker to cause a denial of service
via outputting a crafted PDF file for a DEVN device with gs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-38559

Upstream patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-38559.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core