oss-sec mailing list archives
CVE-2015-3228 - Ghostscript - Integer overflow
From: William Robinet <william.robinet () conostix com>
Date: Thu, 23 Jul 2015 17:10:36 +0200
Dear oss-security list, An integer overflow has been fixed in Ghostscript. This has been assigned CVE-2015-3228 by Red Hat. The bug can be triggered during the execution of the "gs" binary with a specially crafted PostScript file with the "ps2pdf" command. References: Original bug report: http://bugs.ghostscript.com/show_bug.cgi?id=696041 Bug analysis: http://bugs.ghostscript.com/show_bug.cgi?id=696070 Corrective commit: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859 Red Hat reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3228 (should soon be publicly accessible) William (Please note I'm not a member of the list) -- GPG Key ID/Fingerprint: 74C7A949/B509 4137 1353 A3FC 6A87 AA06 003F A3DF 74C7 A949 Conostix S.A. 4, Rue d'Arlon L-8399 Windhof (Koerich) T. +352 26 10 30 61 F. +352 26 10 30 62
Current thread:
- CVE-2015-3228 - Ghostscript - Integer overflow William Robinet (Jul 23)