Bug 2075523 (CVE-2022-1350)

Summary: CVE-2022-1350 ghostscript: Improper release of objects in chunk_free_object during PCL to PDF conversion
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: akhaitovich, mjg, mosvald, rlescak, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-16 15:15:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2086552    
Bug Blocks: 2079677    

Description Avinash Hanwate 2022-04-14 12:21:48 UTC 
A vulnerability classified as problematic was found in Ghostscript 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.

https://bugs.ghostscript.com/show_bug.cgi?id=705156
https://vuldb.com/?id.197290
https://bugs.ghostscript.com/attachment.cgi?id=22323
Comment 1 Michael J Gruber 2022-04-14 14:36:04 UTC 
All referenced bugs are locked. There is no way for us to know whether http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e1134d375e2ca176068e19a2aa9b040baffe1c22 is a complete fix or (2) is pending. The vulnerability does not mention Ghostscript 9.56.1 but from quick-checking git, I don't expect it to contain any fixes. Do not expect a fix of the Fedora package until this changes :|
Comment 2 Mauro Matteo Cascella 2022-05-16 12:23:48 UTC 
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 2086552]
Comment 3 Product Security DevOps Team 2022-05-16 15:15:10 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1350