Bug 582300 (CVE-2010-1869)

Summary: CVE-2010-1869 ghostscript: PS parser buffer overflow in token scanner
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: security-response-team, twaugh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-12 08:06:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 582308    
Bug Blocks:    

Description Vincent Danen 2010-04-14 15:30:24 UTC 
A buffer overflow vulnerability in Ghostscript's parser function was reported.  A specially crafted postscript file could result in the execution of arbitrary code if opened or printed (i.e. via CUPS).  Note that stack protections in the compiler render this into nothing more than a denial of service.  This has been corrected in upstream Ghostscript 8.71; at least 8.64 and 8.70 are affected by this issue.  Testing of Ghostscript 8.15 shows it does not suffer from this flaw.

Acknowledgements:

Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue.
Comment 1 Vincent Danen 2010-04-14 15:32:23 UTC 
This issue does not affect Fedora 11 or higher as they provide Ghostscript 8.71.

This issue does not affect Red Hat Enterprise Linux 5 or earlier due to the older versions of Ghostscript (8.15 and older).
Comment 6 Tomas Hoger 2010-04-15 18:37:25 UTC 
Relevant upstream bug and commit should be:
  http://bugs.ghostscript.com/show_bug.cgi?id=690902
  http://code.google.com/p/ghostscript/source/detail?r=10312
Comment 9 Tomas Hoger 2010-05-12 06:35:11 UTC 
Public now via:
  http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html
Comment 10 Tomas Hoger 2010-05-12 06:36:28 UTC 
Statement:

Not vulnerable.  This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.