Bug 2224368 (CVE-2023-38560)
Summary: | CVE-2023-38560 ghostscript: Integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | carnil, mjg, psampaio, rlescak, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2023-08-01 19:02:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 2224375, 2224376, 2224377, 2224378, 2225381 | | |
Bug Blocks: | 2224370 | | |
Description
Michael Kaplan
2023-07-20 14:50:26 UTC
References:

https://bugs.ghostscript.com/show_bug.cgi?id=706898
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c

Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 2225381]

(In reply to Michael Kaplan from comment #1)
> References:
>
> https://bugs.ghostscript.com/show_bug.cgi?id=70689
> https://bugs.ghostscript.com/show_bug.cgi?id=706897
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c

Strange fix that is: If "a > b - 1" is a problem because a, b are unsigned then why not use "a + 1 > b"? The fix relies implicitly on the fact that an "int" can fit a "u16", or else we get new problems ...

(Can't comment on the original gs bug which is locked.)

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-38560

Hi

The upstream bug reference should be https://bugs.ghostscript.com/show_bug.cgi?id=706898, can you please correct that here as well in the CVE record?

Regards,
Salvatore

(In reply to Salvatore Bonaccorso from comment #6)
> Hi
>
> The upstream bug reference should be
> https://bugs.ghostscript.com/show_bug.cgi?id=706898, can you please correct
> that here as well in the CVE record?
>
> Regards,
> Salvatore

Fixed. Thanks!
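The comparison forms debated in the reply to comment #1, as an added example that is not part of the bug report and is not the ghostscript source: it runs "a > b - 1", "a + 1 > b" and a signed 16-bit form over constructed edge cases. The function names, the `idx`/`count` operands and the direction of the check (reject when `idx >= count`) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounds check: reject idx unless idx < count.
 * idx and count are illustrative names, not ghostscript identifiers. */

/* "a > b - 1" on unsigned operands: count == 0 makes count - 1 wrap
 * to UINT_MAX, so no idx is ever rejected. */
static int reject_sub_unsigned(unsigned idx, unsigned count)
{
    return idx > count - 1;
}

/* "a + 1 > b": handles count == 0, but idx == UINT_MAX makes idx + 1
 * wrap to 0, so that one value is not rejected. */
static int reject_add_unsigned(unsigned idx, unsigned count)
{
    return idx + 1 > count;
}

/* Signed form on 16-bit operands: correct only while int is wider than
 * 16 bits, the implicit assumption the comment points out. */
static int reject_sub_signed16(uint16_t idx, uint16_t count)
{
    return (int)idx > (int)count - 1;
}

/* No arithmetic on either operand, so nothing can wrap. */
static int reject_plain(unsigned idx, unsigned count)
{
    return idx >= count;
}

int main(void)
{
    /* Constructed edge cases: an empty table and the largest index.
     * A correct check rejects (returns 1) in every row. */
    printf("sub_unsigned(0, 0)        = %d\n", reject_sub_unsigned(0, 0));
    printf("add_unsigned(0, 0)        = %d\n", reject_add_unsigned(0, 0));
    printf("add_unsigned(UINT_MAX, 3) = %d\n", reject_add_unsigned(UINT_MAX, 3));
    printf("sub_signed16(0, 0)        = %d\n", reject_sub_signed16(0, 0));
    printf("sub_signed16(65535, 3)    = %d\n", reject_sub_signed16(65535, 3));
    printf("plain(0, 0)               = %d\n", reject_plain(0, 0));
    printf("plain(UINT_MAX, 3)        = %d\n", reject_plain(UINT_MAX, 3));
    return 0;
}
```

Compiling with `-fsanitize=unsigned-integer-overflow` (Clang) flags the wrap in the first two forms at run time.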