A user has found a seg fault in the Ghostscript that could be used to launch a
denial of service attack.
The issue will be described in a private attachment.
Created attachment 5845 [details]
Created attachment 5846 [details]
Created attachment 5850 [details]
Added an attachment with some more observations, private again.
Assigning to me.
Fixed in revision 10590, patch here:
As noted in the submission log this is not a totally comprehensive fix which
would require a fairly major inspection and overhaul of both the type 1 and type
2 font interpreter code, as well as the code in pdfwrite which performs similar