ALAS-2023-296

2024-02-15: CVE-2020-21710 was added to this advisory.

A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. (CVE-2020-21710)

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. (CVE-2023-38559)

aarch64:
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.3.aarch64
    libgs-devel-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.3.aarch64
    libgs-debuginfo-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-gtk-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-x11-9.56.1-7.amzn2023.0.3.aarch64
    libgs-9.56.1-7.amzn2023.0.3.aarch64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.3.aarch64

noarch:
    ghostscript-doc-9.56.1-7.amzn2023.0.3.noarch

src:
    ghostscript-9.56.1-7.amzn2023.0.3.src

x86_64:
    ghostscript-x11-debuginfo-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-tools-fonts-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-debuginfo-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-gtk-9.56.1-7.amzn2023.0.3.x86_64
    libgs-devel-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-x11-9.56.1-7.amzn2023.0.3.x86_64
    libgs-debuginfo-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-gtk-debuginfo-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-tools-printing-9.56.1-7.amzn2023.0.3.x86_64
    libgs-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-9.56.1-7.amzn2023.0.3.x86_64
    ghostscript-debugsource-9.56.1-7.amzn2023.0.3.x86_64