oss-sec mailing list archives

Re: CVE request: ghostscript


From: Vincent Danen <vdanen () redhat com>
Date: Mon, 12 Jul 2010 11:00:56 -0600

* [2010-07-12 12:48:35 -0400] Dan Rosenberg wrote:

> I believe this is identical to CVE-2010-1869
> (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1869).

They don't look identical to me.  Patches differ, upstream bugs differ.

Can't really do anything hands-on to test since the PoC attached to the
upstream bug is private.

> On Mon, Jul 12, 2010 at 12:28 PM, Marc Deslauriers
> <marc.deslauriers () canonical com> wrote:
>> Hi,
>>
>> I don't think this ever got a CVE:
>>
>> A memory corruption vulnerability in Ghostscript 8.64 and earlier caused
>> by long names can lead to arbitrary code execution.
>>
>> http://bugs.ghostscript.com/show_bug.cgi?id=690523
>> http://svn.ghostscript.com/viewvc?view=rev&revision=9797

--
Vincent Danen / Red Hat Security Response Team
