An incorrect reference count was found in .setdevice. This leads to a use-after-free, triggering a Denial of Service, or possibly, arbitrary code execution.
Upstream bug :
- Bug 697179 - double free with .setdevice
upstream fix :
- Bug 697179: Reference count device icc profile when copying a device
Ghostscript's ICC profile management is a feature that started with version 9.
Thus previous versions, in particular ghostscript 8.70, do not have capability to open ICC profile files for color management, and thus are not affected by this CVE.
RHEL5 and 6 are not affected by this issue.
Created ghostscript tracking bugs for this issue:
Affects: fedora-all [bug 1390488]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:0013 https://rhn.redhat.com/errata/RHSA-2017-0013.html