oss-sec mailing list archives
CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws in JBIG2 decoder proved by PoC for CVE-2009-0658
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 02 Jun 2009 20:07:40 +0200
Hello Steve,

multiple NULL pointer dereference flaws were identified in the Ghostscript's JBIG compression format decoder (jbig2dec) based on the PoC for recent Adobe Reader's 9.0, Adobe Acrobat's 9.0 (CVE-2009-0658) issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=501710
https://bugzilla.redhat.com/show_bug.cgi?id=503785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658

PoC:
http://milw0rm.com/sploits/2009-41414141.pdf

Affected versions:
All GPL-Ghostscript versions from ghostscript-8.10 (contains initial implementation of jbig2dec) up to latest upstream 8.64 one.

Could you allocate a CVE id?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team