Bug 503785

| Field | Value |
|---|---|
| Summary | Ghostscript: Multiple NULL pointer dereferences in JBIG2 decoder |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Jan Lieskovsky <jlieskov> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED NOTABUG |
| Severity | low |
| Priority | low |
| Version | unspecified |
| CC | twaugh, vdanen |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| URL | http://www.milw0rm.com/exploits/8090 |
| Doc Type | Bug Fix |
| Last Closed | 2010-12-21 22:40:37 UTC |
| Bug Depends On | 503991, 503992, 503994, 503995 |
| Bug Blocks | 501710, 621118 |

Description
Jan Lieskovsky
2009-06-02 17:46:29 UTC
This issue does NOT affect the versions of the Ghostscript packages, as shipped with Red Hat Enterprise Linux 3 or 4.

This issue affects the version of the Ghostscript package, as shipped with Red Hat Enterprise Linux 5.

This issue affects the versions of the Ghostscript packages, as shipped with Fedora releases of 9, 10, and 11.

Official statement from Red Hat regarding this bug:
---------------------------------------------------
Red Hat does not consider bugs which result in a user-assisted crash of end user application (such as "pdf2ps") to be a security issue.

This has already been corrected in Fedora:

* Thu Jun 04 2009 Tim Waugh <twaugh> 8.64-7
- Applied patch to fix NULL dereference in JBIG2 decoder (bug #503995).

Using the attached patch (newer variants for 8.70 are in Fedora CVS: ghostscript-jbig2dec-nullderef.patch).

CVE request: http://www.openwall.com/lists/oss-security/2009/10/26/4

A CVE name was never assigned to this and as we do not consider this a security flaw, I'm closing the bug.