Message-ID: <20150723151036.GJ29897@conostix.com>
Date: Thu, 23 Jul 2015 17:10:36 +0200
From: William Robinet <william.robinet@...ostix.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-3228 - Ghostscript - Integer overflow

Dear oss-security list,

An integer overflow has been fixed in Ghostscript. This has been assigned
CVE-2015-3228 by Red Hat.

The bug can be triggered during the execution of the "gs" binary with a
specially crafted PostScript file with the "ps2pdf" command.

References:

Original bug report:
    http://bugs.ghostscript.com/show_bug.cgi?id=696041

Bug analysis:
    http://bugs.ghostscript.com/show_bug.cgi?id=696070

Corrective commit:
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

Red Hat reference:
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3228
    (should soon be publicly accessible)


William
(Please note I'm not a member of the list)

-- 
GPG Key ID/Fingerprint:
    74C7A949/B509 4137 1353 A3FC 6A87  AA06 003F A3DF 74C7 A949

Conostix S.A.
4, Rue d'Arlon
L-8399 Windhof (Koerich)
T. +352 26 10 30 61
F. +352 26 10 30 62
