Bug 691043 - Vulnerability report : Ghostscript gs_type2_interpret null ptr dereference (Segmentation Fault)
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: General
Version: 0.00
Hardware: PC Linux
Importance: P4 normal
Assignee: Ken Sharp
QA Contact: Bug traffic
Reported: 2010-01-04 22:13 UTC by Marcos H. Woehrmann
Modified: 2010-01-06 03:21 UTC
Description Marcos H. Woehrmann 2010-01-04 22:13:11 UTC
A user has found a seg fault in Ghostscript that could be used to launch a
denial of service attack.

The issue will be described in a private attachment.
Comment 1 Marcos H. Woehrmann 2010-01-04 22:13:36 UTC
Created attachment 5845
description.txt
Comment 2 Marcos H. Woehrmann 2010-01-04 22:15:59 UTC
Created attachment 5846
testg.109277045.pdf
Comment 3 Ken Sharp 2010-01-05 01:58:36 UTC
Created attachment 5850
691043-more.txt

Added an attachment with some more observations, private again.
Comment 4 Ken Sharp 2010-01-05 05:30:49 UTC
Assigning to me.
Comment 5 Ken Sharp 2010-01-06 03:21:43 UTC
Fixed in revision 10590, patch here:
http://ghostscript.com/pipermail/gs-cvs/2010-January/010333.html

As noted in the submission log, this is not a totally comprehensive fix, which
would require a fairly major inspection and overhaul of both the type 1 and type
2 font interpreter code, as well as the code in pdfwrite which performs similar
functions.