Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 18 May 2010 13:35:06 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE assignment: ghostscript stack-based overflow


----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote:

> CVE request for the second issue described in this advisory, just
> published:
> 
> http://seclists.org/fulldisclosure/2010/May/134
> 
> quote:
> 
> GhostScript (all tested versions) fails to properly handle infinitely
> recursive procedure invocations.  By providing a PostScript file with a
> sequence such as:
> 
> /A{pop 0 A 0} bind def
> /product A 0
> 
> the interpreter's internal stack will be overflowed with recursive calls,
> at which point execution will jump to an attacker-controlled address.
> This vulnerability can be exploited by enticing a user to open a
> maliciously crafted PostScript file, achieving arbitrary code execution.
> This issue has not yet been assigned a CVE identifier.
> 

Use CVE-2010-1628 for this one.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.