Description
* It was found that the ghostscript functions getenv, filenameforall and
.libfile did not honor the -dSAFER option, usually used when processing
untrusted documents, leading to information disclosure. A specially crafted
postscript document could read environment variable, list directory and retrieve
file content respectively, from the target. (CVE-2013-5653, CVE-2016-7977)
* It was found that the ghostscript function .setdevice suffered a
use-after-free vulnerability due to an incorrect reference count. A specially
crafted postscript document could trigger code execution in the context of the
gs process. (CVE-2016-7978)
* It was found that the ghostscript function .initialize_dsc_parser did not
validate its parameter before using it, allowing a type confusion flaw. A
specially crafted postscript document could cause a crash code execution in the
context of the gs process. (CVE-2016-7979)
* It was found that ghostscript did not sufficiently check the validity of
parameters given to the .sethalftone5 function. A specially crafted postscript
document could cause a crash, or execute arbitrary code in the context of the gs
process. (CVE-2016-8602)