Date: Tue, 11 May 2010 20:33:01 -0400
From: Dan Rosenberg <>
Cc: "Steven M. Christey" <>
Subject: Re: CVE assignment: ghostscript stack-based overflow

CVE request for the second issue described in this advisory, just published:


GhostScript (all tested versions) fails to properly handle infinitely
recursive procedure invocations.  By providing a PostScript file with a
sequence such as:

/A{pop 0 A 0} bind def
/product A 0

the interpreter's internal stack will be overflowed with recursive calls, at
which point execution will jump to an attacker-controlled address.  This
vulnerability can be exploited by enticing a user to open a maliciously crafted
PostScript file, achieving arbitrary code execution.  This issue has not yet
been assigned a CVE identifier.


On Tue, May 11, 2010 at 7:24 PM, Steven M. Christey
<> wrote:
> FYI.  The researcher told me that some distros were notified pre-disclosure,
> but I had already assigned this CVE when I found out.
> ======================================================
> Name: CVE-2010-1869
> Status: Candidate
> URL:
> Reference:
> Stack-based buffer overflow in the parser function in GhostScript 8.70
> and 8.64 allows context-dependent attackers to execute arbitrary code
> via a crafted PostScript file.
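
The recursion pattern quoted in the advisory above, run through a toy interpreter that bounds its execution stack. This is an added example, not code from the advisory or from Ghostscript; the token model, the names and the two limits are assumptions made for illustration, and R_EXECSTACKOVERFLOW is named after the PostScript language's execstackoverflow error.

```c
#include <stddef.h>

/* Toy model, not Ghostscript code: the procedure body from the advisory,
   /A{pop 0 A 0}, as a token array. */
enum tok { T_POP, T_PUSH0, T_CALL_A };
static const enum tok body_A[] = { T_POP, T_PUSH0, T_CALL_A, T_PUSH0 };
#define BODY_LEN (sizeof body_A / sizeof body_A[0])
#define EXEC_MAX 250  /* assumed cap on nested invocations */
#define OPER_MAX 500  /* assumed cap on operand stack depth */

enum result { R_OK, R_EXECSTACKOVERFLOW, R_STACKUNDERFLOW, R_STACKOVERFLOW };

struct interp {
    size_t exec[EXEC_MAX]; /* one frame per call: next token index in body_A */
    size_t exec_depth, max_exec_depth;
    size_t oper_depth;     /* operand values do not matter here, only the count */
};
static struct interp demo; /* constructed instance for callers and tests */

/* Every invocation is checked against the cap before a frame is pushed. */
static enum result call_A(struct interp *in)
{
    if (in->exec_depth >= EXEC_MAX) return R_EXECSTACKOVERFLOW;
    in->exec[in->exec_depth++] = 0;
    if (in->exec_depth > in->max_exec_depth) in->max_exec_depth = in->exec_depth;
    return R_OK;
}

/* Models "/product A 0": one operand is pushed, then A is invoked. */
enum result run(struct interp *in)
{
    in->exec_depth = in->max_exec_depth = 0;
    in->oper_depth = 1;
    enum result r = call_A(in);
    while (r == R_OK && in->exec_depth > 0) {
        size_t *pc = &in->exec[in->exec_depth - 1];
        if (*pc == BODY_LEN) { in->exec_depth--; continue; } /* procedure returns */
        switch (body_A[(*pc)++]) {
        case T_POP:
            if (in->oper_depth == 0) r = R_STACKUNDERFLOW; else in->oper_depth--;
            break;
        case T_PUSH0:
            if (in->oper_depth >= OPER_MAX) r = R_STACKOVERFLOW; else in->oper_depth++;
            break;
        case T_CALL_A: r = call_A(in); break;
        }
    }
    return r;
}
```

Because each call to A invokes A again before its body finishes, no frame is ever popped; the run ends only when the depth check refuses the next frame and returns an error to the caller.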
