An update for ghostscript is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of
 Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The Ghostscript suite contains utilities for rendering PostScript and PDF
 documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: dangling pointer in gdev_prn_open_printer_seekable()
 (CVE-2023-46751)

* ghostscript: Buffer Overflow in Ghostscript PDF XRef Stream Handling
 (CVE-2024-46952)

* ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color
 Space (CVE-2024-46951)

* ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding
 (CVE-2024-46954)

* ghostscript: Path Traversal and Code Execution via Integer Overflow in
 Ghostscript (CVE-2024-46953)

* ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code
 Execution (CVE-2024-46956)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-46751: Use After Free (CWE-416)
CVE-2024-46951: Access of Uninitialized Pointer (CWE-824)
CVE-2024-46952: Buffer Copy without Checking Size of Input ('Classic Buffer
 Overflow') (CWE-120)
CVE-2024-46953: Integer Overflow or Wraparound (CWE-190)
CVE-2024-46954: Improper Limitation of a Pathname to a Restricted Directory
 ('Path Traversal') (CWE-22)
CVE-2024-46956: Out-of-bounds Read (CWE-125)