Full Disclosure mailing list archives
Re: Multiple memory corruption vulnerabilities in Ghostscript
From: Marsh Ray <marsh () extendedsubset com>
Date: Tue, 11 May 2010 22:44:20 -0500
On 5/11/2010 8:30 PM, Peter Besenbruch wrote:
> On Tue, 11 May 2010 20:27:35 -0400 Dan Rosenberg <dan.j.rosenberg () gmail com> wrote:
>> ==Solution==
>> In the absence of a patch, users are encouraged to discontinue use of Ghostscript or avoid processing untrusted PostScript files.

How are you supposed to trust a document before you read it?! Judge it by its cover perhaps?

> Ghostscript is an important part of most Linux systems out there. If you remove Ghostscript, you remove the ability to print in most cases. The advice to avoid opening unknown PS files is good.

Unless you're a printer.

> I wonder whether a similar flaw exists in Ghostscript's handling of PDF files.

Last I checked (a long long time ago), PDF wasn't a Turing-complete programming language like PostScript, so it wouldn't allow recursion needed for this flaw. Maybe that's why they couldn't resist adding JavaScript to it.

> If such an attack is possible with a PDF, the flaw is potentially much more serious.

Well, I need to read 'em both.

- Marsh