oss-sec mailing list archives
Re: ghostscript CVE for multiple NULL dereferences in JBIG2 decoder
From: Raphael Geissert <geissert () debian org>
Date: Tue, 27 Oct 2009 01:06:53 -0600
Vincent Danen wrote:
I'm not sure if a CVE name has ever been requested for this issue. Similar to Adobe's CVE-2009-0658 issue, the same PDF proof-of-concept was used to crash ghostscript (multiple NULL pointer dereference flaws found in Ghostscript's JBIG2 compression format decoder). If a CVE name was assigned for this, does anyone know it? I can't find it. If not, could one be assigned? Details are available on our bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=503785
The same PoC crashes xpdf. I'm not aware of any CVE id being assigned for this issue other than the one for Adobe Reader. Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- ghostscript CVE for multiple NULL dereferences in JBIG2 decoder Vincent Danen (Oct 26)
- Re: ghostscript CVE for multiple NULL dereferences in JBIG2 decoder Raphael Geissert (Oct 27)
- Re: Re: ghostscript CVE for multiple NULL dereferences in JBIG2 decoder Mark J Cox (Oct 28)
- Re: Re: ghostscript CVE for multiple NULL dereferences in JBIG2 decoder Oden Eriksson (Oct 29)
- Re: Re: ghostscript CVE for multiple NULL dereferences in JBIG2 decoder Mark J Cox (Oct 28)
- Re: ghostscript CVE for multiple NULL dereferences in JBIG2 decoder Raphael Geissert (Oct 27)