Bug 691043

Summary: Vulnerability report : Ghostscript gs_type2_interpret null ptr dereference (Segmentation Fault)
Product: Ghostscript
Reporter: Marcos H. Woehrmann <marcos.woehrmann>
Component: General
Assignee: Ken Sharp <ken.sharp>
Status: RESOLVED FIXED
QA Contact: Bug traffic <tech>
Severity: normal
Priority: P4
Version: 0.00
Hardware: PC
OS: Linux
Customer:
Word Size: ---

Description Marcos H. Woehrmann 2010-01-04 22:13:11 UTC
A user has found a seg fault in Ghostscript that could be used to launch a
denial of service attack.

The issue will be described in a private attachment.

Comment 1 Marcos H. Woehrmann 2010-01-04 22:13:36 UTC
Created attachment 5845
description.txt

Comment 2 Marcos H. Woehrmann 2010-01-04 22:15:59 UTC
Created attachment 5846
testg.109277045.pdf

Comment 3 Ken Sharp 2010-01-05 01:58:36 UTC
Created attachment 5850
691043-more.txt

Added an attachment with some more observations, private again.

Comment 4 Ken Sharp 2010-01-05 05:30:49 UTC
Assigning to me.

Comment 5 Ken Sharp 2010-01-06 03:21:43 UTC
Fixed in revision 10590, patch here:
http://ghostscript.com/pipermail/gs-cvs/2010-January/010333.html

As noted in the submission log, this is not a totally comprehensive fix, which
would require a fairly major inspection and overhaul of both the type 1 and type
2 font interpreter code, as well as the code in pdfwrite which performs similar
functions.