| Summary: | memory corruption in aesdecode | | |
|---|---|---|---|
| Product: | Ghostscript | Reporter: | Tavis Ormandy <taviso> |
| Component: | Security (public) | Assignee: | Chris Liddell (chrisl) <chris.liddell> |
| Status: | NOTIFIED FIXED | | |
| Severity: | normal | CC: | cbuissar, deekej, dr, jsmeix, scorneli, till.kamppeter |
| Priority: | P2 | | |
| Version: | unspecified | | |
| Hardware: | PC | | |
| OS: | Linux | | |
| Customer: | 501,641 | Word Size: | --- |
Fixed in this commit: 8e9ce5016db968b40e4ec255a3005f2786cce45f

Basically, make sure we have set an AES key before we try to use it, otherwise we can try to access an uninitialised pointer.
This was found by fuzzing, memory corruption in the aesdecode operator:

```
$ ./gs -q -sDEVICE=ppmraw -dSAFER
GS>{ runpdfbegin } stopped {} if
GS>.writepdfmarkdict
GS<1>{ PDFsetpattern } stopped {} if
GS<7>resolveopdict
GS<8>{ .copydict } stopped {} if
GS<10>{ pdf_gen_user_password_R2 } stopped {} if
GS<12>aesdecode
Segmentation fault
```
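The guard the fix comment describes (refuse to use the AES key context until a key has actually been set, instead of dereferencing an uninitialised pointer), written out as an added example in C. This is not Ghostscript's code: `aes_filter_state`, `aes_filter_init`, `aes_filter_set_key`, `aes_filter_decode` and the `AES_ERR_*` status codes are hypothetical names, and the per-block transform is a placeholder XOR standing in for the AES block decrypt so the example runs without a crypto library. The sample key and plaintext are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16

enum aes_status {
    AES_OK = 0,
    AES_ERR_NO_KEY = -1,     /* decode attempted before any key was installed */
    AES_ERR_BAD_KEYLEN = -2, /* key length is not 16, 24 or 32 bytes */
    AES_ERR_BAD_LEN = -3     /* input is not a whole number of blocks */
};

/* Hypothetical filter state (not Ghostscript's stream state). In a real filter
 * the key schedule lives behind a pointer; touching it before set_key has run
 * is the uninitialised-pointer access the fix guards against. key_set is the
 * guard that makes "no key yet" an explicit, checkable condition. */
struct aes_filter_state {
    uint8_t key[32];
    size_t key_len;
    int key_set;
};

/* Zero everything so "no key yet" is a defined state rather than stack garbage. */
void aes_filter_init(struct aes_filter_state *st)
{
    memset(st, 0, sizeof *st);
}

int aes_filter_set_key(struct aes_filter_state *st, const uint8_t *key, size_t len)
{
    if (len != 16 && len != 24 && len != 32)
        return AES_ERR_BAD_KEYLEN;
    memcpy(st->key, key, len);
    st->key_len = len;
    st->key_set = 1;
    return AES_OK;
}

/* Placeholder block transform standing in for the AES block decrypt: XOR with
 * the key, repeated across the block. It is NOT AES; it only makes the example
 * runnable without a crypto library. */
static void placeholder_block_xform(const struct aes_filter_state *st, uint8_t *blk)
{
    for (size_t i = 0; i < AES_BLOCK; i++)
        blk[i] ^= st->key[i % st->key_len];
}

/* Decode in_len bytes from in into out. The first check is the one the fix
 * describes: bail out with an error if no key has been set, rather than using
 * whatever the key context happens to contain. */
int aes_filter_decode(const struct aes_filter_state *st, const uint8_t *in,
                      size_t in_len, uint8_t *out)
{
    if (!st->key_set)
        return AES_ERR_NO_KEY;
    if (in_len % AES_BLOCK != 0)
        return AES_ERR_BAD_LEN;
    for (size_t off = 0; off < in_len; off += AES_BLOCK) {
        memcpy(out + off, in + off, AES_BLOCK);
        placeholder_block_xform(st, out + off);
    }
    return AES_OK;
}

/* Scenario mirroring the report: the filter is driven without a key ever being
 * set. Returns the status code the decode call produced. */
int demo_decode_without_key(void)
{
    struct aes_filter_state st;
    uint8_t in[AES_BLOCK] = {0}, out[AES_BLOCK];
    aes_filter_init(&st);
    return aes_filter_decode(&st, in, sizeof in, out);
}

/* Normal path: key set, two blocks decoded, decoding again restores the input
 * (the placeholder transform is an involution). Returns 1 on success, else 0. */
int demo_round_trip(void)
{
    static const uint8_t key[] = "0123456789abcdef";              /* constructed, 16 bytes used */
    static const uint8_t msg[2 * AES_BLOCK] = "constructed sample plaintext!!!"; /* constructed */
    struct aes_filter_state st;
    uint8_t ct[sizeof msg], pt[sizeof msg];
    aes_filter_init(&st);
    if (aes_filter_set_key(&st, key, 16) != AES_OK) return 0;
    if (aes_filter_decode(&st, msg, sizeof msg, ct) != AES_OK) return 0;
    if (memcmp(ct, msg, sizeof msg) == 0) return 0; /* transform must change the data */
    if (aes_filter_decode(&st, ct, sizeof ct, pt) != AES_OK) return 0;
    return memcmp(pt, msg, sizeof msg) == 0;
}

int main(void)
{
    printf("decode without key -> %d (expected %d)\n", demo_decode_without_key(), AES_ERR_NO_KEY);
    printf("round trip -> %s\n", demo_round_trip() ? "ok" : "FAILED");
    return 0;
}
```

The design point is that the state is zeroed on creation and the key-present flag is the only thing the decode path trusts; a caller that skips `aes_filter_set_key`, as the fuzzed PostScript sequence above effectively does, gets a clean error code instead of a segmentation fault.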