[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 23 Jul 2015 17:10:36 +0200
From: William Robinet <william.robinet@...ostix.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-3228 - Ghostscript - Integer overflow
Dear oss-security list,
An integer overflow has been fixed in Ghostscript. This has been assigned
CVE-2015-3228 by Red Hat.
The bug can be triggered during the execution of the "gs" binary with a
specially crafted PostScript file with the "ps2pdf" command.
References:
Original bug report:
http://bugs.ghostscript.com/show_bug.cgi?id=696041
Bug analysis:
http://bugs.ghostscript.com/show_bug.cgi?id=696070
Corrective commit:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
Red Hat reference:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3228
(should soon be publicly accessible)
William
(Please note I'm not a member of the list)
--
GPG Key ID/Fingerprint:
74C7A949/B509 4137 1353 A3FC 6A87 AA06 003F A3DF 74C7 A949
Conostix S.A.
4, Rue d'Arlon
L-8399 Windhof (Koerich)
T. +352 26 10 30 61
F. +352 26 10 30 62
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
