Date: Tue, 13 Aug 2019 09:49:19 +0200
From: Cedric Buissart <cbuissar@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1

On Mon, Aug 12, 2019 at 4:48 PM Bob Friesenhahn
<bfriesen@...ple.dallas.tx.us> wrote:
>
> Is it known if this issue also impacts the PDF reader?  I see that the
> involved code is Resource/Init/gs_type1.ps which is presumably related
> to Postscript Type 1 fonts, which might be included in a PDF file.

My personal experience so far is that vulnerabilities that require
modifying error handlers do not work when embedded in a PDF.
That being said, maybe I am doing it wrong and there might be other ways.
I haven't made an attempt with that one so far.

>
> Bob
> --
> Bob Friesenhahn
> bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
> GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
> Public Key,     http://www.simplesystems.org/users/bfriesen/public-key.txt



--
Cedric Buissart,
Product Security
