oss-sec mailing list archives
Re: CVE assignment: ghostscript stack-based overflow
From: Josh Bressers <bressers () redhat com>
Date: Tue, 18 May 2010 13:35:06 -0400 (EDT)
----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:
CVE request for the second issue described in this advisory, just published: http://seclists.org/fulldisclosure/2010/May/134 quote: GhostScript (all tested versions) fails to properly handle infinitely recursive procedure invocations. By providing a PostScript file with a sequence such as: /A{pop 0 A 0} bind def /product A 0 the interpreter's internal stack will be overflowed with recursive calls, at which point execution will jump to an attacker-controlled address. This vulnerability can be exploited by enticing a user to open a maliciously crafted PostScript file, achieving arbitrary code execution. This issue has not yet been assigned a CVE identifier.
Use CVE-2010-1628 for this one.
Thanks.
--
JB
Current thread:
- CVE assignment: ghostscript stack-based overflow Steven M. Christey (May 11)
- Re: CVE assignment: ghostscript stack-based overflow Dan Rosenberg (May 11)
- Re: CVE assignment: ghostscript stack-based overflow Josh Bressers (May 18)
- Re: CVE assignment: ghostscript stack-based overflow Dan Rosenberg (May 11)