add recent ghostscript cves

Signed-off-by: Weston Steimel <[email protected]>
anchore · Nov 11, 2024 · 283eabf · 283eabf
1 parent 26f99bd
commit 283eabf
Show file tree

Hide file tree

Showing 7 changed files with 234 additions and 2 deletions.
diff --git a/data/anchore/2024/CVE-2024-46951.json b/data/anchore/2024/CVE-2024-46951.json
@@ -0,0 +1,39 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-46951",
+    "description": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://bugs.ghostscript.com/show_bug.cgi?id=707991",
+      "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8",
+      "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html",
+      "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*"
+        ],
+        "product": "ghostscript",
+        "repo": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git",
+        "vendor": "artifex",
+        "versions": [
+          {
+            "lessThan": "10.04.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-46952.json b/data/anchore/2024/CVE-2024-46952.json
@@ -0,0 +1,38 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-46952",
+    "description": "An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values).",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://bugs.ghostscript.com/show_bug.cgi?id=708001",
+      "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=b1f0827c30f59a2dcbc8a39e42cace7a1de35f7f",
+      "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*"
+        ],
+        "product": "ghostscript",
+        "repo": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git",
+        "vendor": "artifex",
+        "versions": [
+          {
+            "lessThan": "10.04.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-46953.json b/data/anchore/2024/CVE-2024-46953.json
@@ -0,0 +1,39 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-46953",
+    "description": "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://bugs.ghostscript.com/show_bug.cgi?id=707793",
+      "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00",
+      "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html",
+      "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*"
+        ],
+        "product": "ghostscript",
+        "repo": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git",
+        "vendor": "artifex",
+        "versions": [
+          {
+            "lessThan": "10.04.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-46954.json b/data/anchore/2024/CVE-2024-46954.json
@@ -0,0 +1,38 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-46954",
+    "description": "An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://bugs.ghostscript.com/show_bug.cgi?id=707788",
+      "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934",
+      "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*"
+        ],
+        "product": "ghostscript",
+        "repo": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git",
+        "vendor": "artifex",
+        "versions": [
+          {
+            "lessThan": "10.04.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-46955.json b/data/anchore/2024/CVE-2024-46955.json
@@ -0,0 +1,39 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-46955",
+    "description": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://bugs.ghostscript.com/show_bug.cgi?id=707990",
+      "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6",
+      "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html",
+      "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*"
+        ],
+        "product": "ghostscript",
+        "repo": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git",
+        "vendor": "artifex",
+        "versions": [
+          {
+            "lessThan": "10.04.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-46956.json b/data/anchore/2024/CVE-2024-46956.json
@@ -0,0 +1,39 @@
+{
+  "additionalMetadata": {
+    "cna": "mitre",
+    "cveId": "CVE-2024-46956",
+    "description": "An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://bugs.ghostscript.com/show_bug.cgi?id=707895",
+      "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca",
+      "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html",
+      "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*"
+        ],
+        "product": "ghostscript",
+        "repo": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git",
+        "vendor": "artifex",
+        "versions": [
+          {
+            "lessThan": "10.04.0",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    }
+  }
+}
diff --git a/data/anchore/2024/CVE-2024-52007.json b/data/anchore/2024/CVE-2024-52007.json
@@ -18,8 +18,8 @@
       {
         "collectionURL": "https://repo.maven.apache.org/maven2",
         "cpes": [
-          "cpe:2.3:a:hapifhir:hl7_fhir_core:*:*:*:*:*:maven:*:*",
-          "cpe:2.3:a:ca.uhn.hapi.fhir:org.hl7.fhir.core:*:*:*:*:*:maven:*:*"
+          "cpe:2.3:a:ca.uhn.hapi.fhir:org.hl7.fhir.core:*:*:*:*:*:maven:*:*",
+          "cpe:2.3:a:hapifhir:hl7_fhir_core:*:*:*:*:*:maven:*:*"
         ],
         "packageName": "ca.uhn.hapi.fhir:org.hl7.fhir.core",
         "packageType": "maven",