Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 02 Jun 2009 20:07:40 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws
 in JBIG2 decoder proved by PoC for CVE-2009-0658

Hello Steve,

  multiple NULL pointer dereference flaws were identified in the 
Ghostscript's JBIG compression format decoder (jbig2dec)
based on the PoC for recent Adobe Reader's 9.0, Adobe Acrobat's 9.0
(CVE-2009-0658) issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=501710
https://bugzilla.redhat.com/show_bug.cgi?id=503785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658

PoC:
http://milw0rm.com/sploits/2009-41414141.pdf

Affected versions: All GPL-Ghostscript versions from ghostscript-8.10
                   (contains initial implementation of jbig2dec) up
                   to latest upstream 8.64 one.

Could you allocate a CVE id?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team




Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.