699661 – pdf14 garbage collection memory corruption

Bug 699661 - pdf14 garbage collection memory corruption

Summary: pdf14 garbage collection memory corruption

Status:	NOTIFIED FIXED

Alias:	None

Product:	Ghostscript
Classification:	Unclassified
Component:	Security (public) (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 major
Assignee:	Chris Liddell (chrisl)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-08-21 18:59 UTC by Tavis Ormandy
Modified:	2019-05-08 13:28 UTC (History)
CC List:	6 users (show)

See Also:
Customer:	501,641
Word Size:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tavis Ormandy 2018-08-21 18:59:30 UTC

This issue was found by fuzzing, here is a minimal testcase:

{ null .load_tt_font_stripped } stopped {} if
b5
3
.pushpdf14devicefilter
null
null
gssetresolution
quit

Comment 1 Chris Liddell (chrisl) 2018-08-23 17:22:57 UTC

Fixed in:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c3f

Format For Printing
- XML
- Clone This Bug
- Top of page