oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws in JBIG2 decoder proved by PoC for CVE-2009-0658

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 02 Jun 2009 20:07:40 +0200
Hello Steve,

  multiple NULL pointer dereference flaws were identified in the 
Ghostscript's JBIG compression format decoder (jbig2dec)
based on the PoC for recent Adobe Reader's 9.0, Adobe Acrobat's 9.0
(CVE-2009-0658) issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=501710
https://bugzilla.redhat.com/show_bug.cgi?id=503785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658

PoC:
http://milw0rm.com/sploits/2009-41414141.pdf

Affected versions: All GPL-Ghostscript versions from ghostscript-8.10
                   (contains initial implementation of jbig2dec) up
                   to latest upstream 8.64 one.

Could you allocate a CVE id?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: