Date: Tue, 13 Aug 2019 09:49:19 +0200 From: Cedric Buissart <cbuissar@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1 On Mon, Aug 12, 2019 at 4:48 PM Bob Friesenhahn <bfriesen@...ple.dallas.tx.us> wrote: > > Is it known if this issue also impacts the PDF reader? I see that the > involved code is Resource/Init/gs_type1.ps which is presumably related > to Postscript Type 1 fonts, which might be included in a PDF file. My personal experience so far is that vulnerabilities requiring to modify error handlers do not work when embedded in a PDF. That being said, maybe I do it wrong and there might be other ways. I didn't have an attempt with that one so far. > > Bob > -- > Bob Friesenhahn > bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ > GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ > Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt -- Cedric Buissart, Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.