Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 11 Oct 2016 09:03:36 -0700
From: Tavis Ormandy <>
Subject: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems

On Wed, Oct 5, 2016 at 1:12 PM, Tavis Ormandy <> wrote:
> On Wed, Oct 5, 2016 at 9:13 AM, Tavis Ormandy <> wrote:
>> bug: type confusion in .initialize_dsc_parser allows remote code execution
>> id:
>> repro:
>> patch:;h=875a0095f37626a721c7ff57d606a0f95af03913
> It was pointed out to me that my testcase doesn't work on the 9.0x
> versions, because it doesn't allow encoding 64-bit integers, but it's
> still exploitable.

Here is a different type confusion bug, originally I thought it was
just a NULL dereference, but after seeing the patch it does look

repro: clear 16#41414141 .sethalftone5

Please assign a CVE for this one.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ