691043 – Vulnerability report : Ghostscript gs_type2_interpret null ptr dereference (Segmentation Fault)

Bug 691043 - Vulnerability report : Ghostscript gs_type2_interpret null ptr dereference (Segmentation Fault)

Summary: Vulnerability report : Ghostscript gs_type2_interpret null ptr dereference (S...

Status:	RESOLVED FIXED

Alias:	None

Product:	Ghostscript
Classification:	Unclassified
Component:	General (show other bugs)
Version:	0.00
Hardware:	PC Linux

Importance:	P4 normal
Assignee:	Ken Sharp

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-01-04 22:13 UTC by Marcos H. Woehrmann
Modified:	2010-01-06 03:21 UTC (History)
CC List:	0 users

See Also:
Customer:
Word Size:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcos H. Woehrmann 2010-01-04 22:13:11 UTC

A user has found a seg fault in the Ghostscript that could be used to launch a
denial of service attack.

The issue will be described in a private attachment.

Comment 1 Marcos H. Woehrmann 2010-01-04 22:13:36 UTC

Created attachment 5845 [details]
description.txt

Comment 2 Marcos H. Woehrmann 2010-01-04 22:15:59 UTC

Created attachment 5846 [details]
testg.109277045.pdf

Comment 3 Ken Sharp 2010-01-05 01:58:36 UTC

Created attachment 5850 [details]
691043-more.txt

Added an attachment with some more observations, private again.

Comment 4 Ken Sharp 2010-01-05 05:30:49 UTC

Assigning to me.

Comment 5 Ken Sharp 2010-01-06 03:21:43 UTC

Fixed in revision 10590, patch here:
http://ghostscript.com/pipermail/gs-cvs/2010-January/010333.html

As noted in the submission log this is not a totally comprehensive fix which
would require a fairly major inspection and overhaul of both the type 1 and type
2 font interpreter code, as well as the code in pdfwrite which performs similar
functions.