Bug 699661 - pdf14 garbage collection memory corruption
Summary: pdf14 garbage collection memory corruption
Status: NOTIFIED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Security (public)
Version: unspecified
Hardware: PC Linux
Importance: P2 major
Assignee: Chris Liddell (chrisl)
QA Contact: gs-security
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-21 18:59 UTC by Tavis Ormandy
Modified: 2019-05-08 13:28 UTC

See Also:
Customer: 501,641
Word Size: ---


Description Tavis Ormandy 2018-08-21 18:59:30 UTC
This issue was found by fuzzing; here is a minimal testcase:

{ null .load_tt_font_stripped } stopped {} if
b5
3
.pushpdf14devicefilter
null
null
gssetresolution
quit
Comment 1 Chris Liddell (chrisl) 2018-08-23 17:22:57 UTC
Fixed in:

http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c432131c3f