Date: Thu, 23 Jul 2015 17:10:36 +0200 From: William Robinet <william.robinet@...ostix.com> To: oss-security@...ts.openwall.com Subject: CVE-2015-3228 - Ghostscript - Integer overflow Dear oss-security list, An integer overflow has been fixed in Ghostscript. This has been assigned CVE-2015-3228 by Red Hat. The bug can be triggered during the execution of the "gs" binary with a specially crafted PostScript file with the "ps2pdf" command. References: Original bug report: http://bugs.ghostscript.com/show_bug.cgi?id=696041 Bug analysis: http://bugs.ghostscript.com/show_bug.cgi?id=696070 Corrective commit: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859 Red Hat reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3228 (should soon be publicly accessible) William (Please note I'm not a member of the list) -- GPG Key ID/Fingerprint: 74C7A949/B509 4137 1353 A3FC 6A87 AA06 003F A3DF 74C7 A949 Conostix S.A. 4, Rue d'Arlon L-8399 Windhof (Koerich) T. +352 26 10 30 61 F. +352 26 10 30 62
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.