Message-Id: <1243966060.5517.9.camel@localhost.localdomain>
Date: Tue, 02 Jun 2009 20:07:40 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws in JBIG2 decoder proved by PoC for CVE-2009-0658

Hello Steve,

multiple NULL pointer dereference flaws were identified in the
Ghostscript's JBIG compression format decoder (jbig2dec)
based on the PoC for recent Adobe Reader's 9.0, Adobe Acrobat's 9.0
(CVE-2009-0658) issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=501710
https://bugzilla.redhat.com/show_bug.cgi?id=503785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658

PoC:
http://milw0rm.com/sploits/2009-41414141.pdf

Affected versions: All GPL-Ghostscript versions from ghostscript-8.10
(contains initial implementation of jbig2dec) up to latest upstream
8.64 one.

Could you allocate a CVE id?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team