Improper resource allocation - Buffer overflow In ghostscript
Description
In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 debian 11 | =10.0.0~dfsg-1 || =10.0.0~dfsg-10 || =10.0.0~dfsg-11 || =10.0.0~dfsg-2 || =10.0.0~dfsg-3 || =10.0.0~dfsg-4 || =10.0.0~dfsg-5 || =10.0.0~dfsg-6 || =10.0.0~dfsg-7 || =10.0.0~dfsg-8 || =10.0.0~dfsg-9 || =10.01.2~dfsg-1 || =10.02.0~dfsg-1 || =10.02.0~dfsg-2 || =10.02.1~dfsg-1 || =10.02.1~dfsg-2 || =10.02.1~dfsg-3 || =10.03.0~dfsg-1 || =10.03.1~dfsg-1 || =10.03.1~dfsg-2 || =10.03.1~dfsg~git20240518-1 || =10.04.0~dfsg-1 || =10.04.0~dfsg-2 || =10.05.0~dfsg-1 || =10.05.1~dfsg-1 || =10.05.1~dfsg-2 || =10.05.1~dfsg-3 || =10.06.0~dfsg-1 || =10.06.0~dfsg-2 || =10.06.0~dfsg-3 || =10.07.0~dfsg-1 || =10.07.0~dfsg-2 || =9.53.3~dfsg-7 || =9.53.3~dfsg-7+deb11u1 || =9.53.3~dfsg-7+deb11u10 || =9.53.3~dfsg-7+deb11u11 || =9.53.3~dfsg-7+deb11u2 || =9.53.3~dfsg-7+deb11u3 || =9.53.3~dfsg-7+deb11u4 || =9.53.3~dfsg-7+deb11u5 || =9.53.3~dfsg-7+deb11u6 || =9.53.3~dfsg-7+deb11u7 || =9.53.3~dfsg-7+deb11u8 || =9.53.3~dfsg-7+deb11u9 || =9.53.3~dfsg-8 || =9.54.0~dfsg-1 || =9.54.0~dfsg-2 || =9.54.0~dfsg-3 || =9.54.0~dfsg-4 || =9.54.0~dfsg-5 || =9.55.0~dfsg-1 || =9.55.0~dfsg-2 || =9.55.0~dfsg-3 || =9.55.0~~rc1~dfsg-1 || =9.56.0~dfsg-1 || =9.56.0~~rc1~dfsg-1 || =9.56.0~~rc2~dfsg-1 || =9.56.1~dfsg-1 | - | |
debian 12 | =10.0.0~dfsg-11 || =10.0.0~dfsg-11+deb12u1 || =10.0.0~dfsg-11+deb12u2 || =10.0.0~dfsg-11+deb12u3 || =10.0.0~dfsg-11+deb12u4 || =10.0.0~dfsg-11+deb12u5 || =10.0.0~dfsg-11+deb12u6 || =10.0.0~dfsg-11+deb12u7 || =10.0.0~dfsg-11+deb12u8 || =10.01.2~dfsg-1 || =10.02.0~dfsg-1 || =10.02.0~dfsg-2 || =10.02.1~dfsg-1 || =10.02.1~dfsg-2 || =10.02.1~dfsg-3 || =10.03.0~dfsg-1 || =10.03.1~dfsg-1 || =10.03.1~dfsg-2 || =10.03.1~dfsg~git20240518-1 || =10.04.0~dfsg-1 || =10.04.0~dfsg-2 || =10.05.0~dfsg-1 || =10.05.1~dfsg-1 || =10.05.1~dfsg-2 || =10.05.1~dfsg-3 || =10.06.0~dfsg-1 || =10.06.0~dfsg-2 || =10.06.0~dfsg-3 || =10.07.0~dfsg-1 || =10.07.0~dfsg-2 | - | |
debian 13 | =10.05.1~dfsg-1 || =10.05.1~dfsg-1+deb13u1 || =10.05.1~dfsg-2 || =10.05.1~dfsg-3 || =10.06.0~dfsg-1 || =10.06.0~dfsg-2 || =10.06.0~dfsg-3 || =10.07.0~dfsg-1 || =10.07.0~dfsg-2 | - | |
debian 14 | =10.05.1~dfsg-1 || =10.05.1~dfsg-2 || =10.05.1~dfsg-3 || >=0 <10.06.0~dfsg-1 | 10.06.0~dfsg-1 | |
 alpine v3.23 | =10.0.0-r0 || =10.0.0-r1 || =10.0.0-r2 || =10.01.0-r0 || =10.01.0-r1 || =10.01.1-r0 || =10.01.1-r1 || =10.01.1-r2 || =10.01.2-r0 || =10.02.0-r0 || =10.02.0-r1 || =10.02.1-r0 || =10.03.1-r0 || =10.04.0-r0 || =10.05.0-r0 || =10.05.1-r0 || =10.05.1-r1 || =8.64-r0 || =8.70-r0 || =8.71-r0 || =8.71-r1 || =8.71-r2 || =8.71-r3 || =8.71-r4 || =9.00-r0 || =9.00-r1 || =9.00-r2 || =9.04-r0 || =9.05-r0 || =9.05-r1 || =9.06-r0 || =9.06-r1 || =9.06-r2 || =9.06-r3 || =9.07-r0 || =9.09-r0 || =9.09-r1 || =9.10-r0 || =9.10-r1 || =9.15-r0 || =9.15-r1 || =9.16-r0 || =9.16-r1 || =9.16-r2 || =9.18-r0 || =9.19-r0 || =9.19-r1 || =9.20-r0 || =9.20-r1 || =9.21-r0 || =9.21-r1 || =9.21-r2 || =9.21-r3 || =9.22-r0 || =9.24-r0 || =9.25-r0 || =9.25-r1 || =9.26-r0 || =9.26-r1 || =9.26-r2 || =9.27-r0 || =9.27-r1 || =9.27-r2 || =9.27-r3 || =9.27-r4 || =9.50-r0 || =9.51-r0 || =9.52-r0 || =9.53.1-r0 || =9.53.2-r0 || =9.53.3-r0 || =9.54.0-r0 || =9.54.0-r1 || =9.55.0-r0 || =9.56.1-r0 || >=0 <10.06.0-r0 | 10.06.0-r0 |
Does your application use this vulnerable software?
During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.