Bug 699659

Summary: missing type check in ztype
Product: Ghostscript Reporter: Tavis Ormandy <taviso>
Component: GeneralAssignee: Chris Liddell (chrisl) <chris.liddell>
Status: NOTIFIED FIXED QA Contact: gs-security
Severity: critical    
Priority: P2 CC: cbuissar, dkaspar, dr, jsmeix, scorneli, till.kamppeter
Version: unspecified   
Hardware: PC   
OS: Linux   
Customer: 501,641 Word Size: ---

Description Tavis Ormandy 2018-08-21 18:22:19 UTC
No type checking ztype, just have to pass the range check.

$ ./gs -q -sDEVICE=ppmraw -dSAFER 
GS>null [[][][][][][][][][][][][][][][]] .type
Segmentation fault
Comment 1 Chris Liddell (chrisl) 2018-08-23 11:44:14 UTC
Fixed in:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0edd3d6c63