CVE-2017-11714 Ubuntu Security Notification for Ghostscript Vulnerabilities (USN-3403-1)

It was discovered that Ghostscript mishandles references.

It was discovered that Ghostscript could allow a heap-based buffer over-read and application crash.

An use-after-free vulnerability in Ghostscript.

A lack of integer overflow check in Ghostscript.

A remote attacker could use this to cause a denial of service. (CVE-2017-11714)

A remote attacker could use a crafted document to cause a denial of service. (CVE-2017-9611, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739)

A remote attacker could use a crafted file to cause a denial of service. (CVE-2017-9612)

A remote attacker could use crafted PostScript document to cause a denial of service. (CVE-2017-9835)

Refer to Ubuntu advisory USN-3403-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3403-1: 14.04 (Kylin) on src (ghostscript)

USN-3403-1: 14.04 (Kylin) on src (ghostscript-x)

USN-3403-1: 14.04 (Kylin) on src (libgs9)

USN-3403-1: 14.04 (Kylin) on src (libgs9-common)

USN-3403-1: 16.04 (Xenial) on src (ghostscript)

USN-3403-1: 16.04 (Xenial) on src (ghostscript-x)

USN-3403-1: 16.04 (Xenial) on src (libgs9)

USN-3403-1: 16.04 (Xenial) on src (libgs9-common)

USN-3403-1: 17.04 (zesty) on src (ghostscript)

USN-3403-1: 17.04 (zesty) on src (ghostscript-x)

USN-3403-1: 17.04 (zesty) on src (libgs9)

USN-3403-1: 17.04 (zesty) on src (libgs9-common)