oss-sec mailing list archives

CVE-2015-3228 - Ghostscript - Integer overflow


From: William Robinet <william.robinet () conostix com>
Date: Thu, 23 Jul 2015 17:10:36 +0200

Dear oss-security list,

An integer overflow has been fixed in Ghostscript. This has been assigned
CVE-2015-3228 by Red Hat.

The bug can be triggered during the execution of the "gs" binary with a
specially crafted PostScript file with the "ps2pdf" command.

References:

Original bug report:
    http://bugs.ghostscript.com/show_bug.cgi?id=696041

Bug analysis:
    http://bugs.ghostscript.com/show_bug.cgi?id=696070

Corrective commit:
    http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

Red Hat reference:
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3228
    (should soon be publicly accessible)


William
(Please note I'm not a member of the list)

-- 
GPG Key ID/Fingerprint:
    74C7A949/B509 4137 1353 A3FC 6A87  AA06 003F A3DF 74C7 A949

Conostix S.A.
4, Rue d'Arlon
L-8399 Windhof (Koerich)
T. +352 26 10 30 61
F. +352 26 10 30 62

