An Integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name allows a local attacker to cause a denial of service via a crafted PCL file and transforming it to PDF format
References: https://bugs.ghostscript.com/show_bug.cgi?id=706898 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 2225381]
(In reply to Michael Kaplan from comment #1)
> References:
>
> https://bugs.ghostscript.com/show_bug.cgi?id=70689
> https://bugs.ghostscript.com/show_bug.cgi?id=706897
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c

Strange fix that is: If "a > b - 1" is a problem because a, b are unsigned then why not use "a + 1 > b"? The fix relies implicitly on the fact that an "int" can fit a "u16", or else we get new problems ...

(Can't comment on the original gs bug which is locked.)
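The comparison forms discussed in the comment above, written out as an added example; this is not Ghostscript's code or the upstream patch. The 16-bit index type, the unsigned table size, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed types: 16-bit index, unsigned table size (not from plfont.c). */

/* "a > b - 1": for count == 0, count - 1 wraps to UINT_MAX, so the
 * test is never true and every index passes the bounds check. */
static int rejects_minus_one(uint16_t idx, unsigned int count)
{
    return (unsigned int)idx > count - 1u;
}

/* "a + 1 > b": idx + 1 is at most 65536, which cannot wrap as long as
 * unsigned int is wider than 16 bits. */
static int rejects_plus_one(uint16_t idx, unsigned int count)
{
    return (unsigned int)idx + 1u > count;
}

/* Signed form: correct only while count fits in an int. */
static int rejects_signed(uint16_t idx, unsigned int count)
{
    return (int)idx > (int)count - 1;
}

/* No arithmetic at all, so nothing can wrap. */
static int rejects_ge(uint16_t idx, unsigned int count)
{
    return (unsigned int)idx >= count;
}

int main(void)
{
    /* Constructed inputs: an empty table, then a 3-entry table. */
    const unsigned int counts[] = { 0u, 3u };
    const uint16_t idxs[] = { 0, 2, 3, 65535 };

    puts("count idx   a>b-1 a+1>b signed a>=b   (1 = rejected)");
    for (size_t c = 0; c < sizeof counts / sizeof counts[0]; c++)
        for (size_t i = 0; i < sizeof idxs / sizeof idxs[0]; i++)
            printf("%5u %5u %5d %5d %6d %4d\n", counts[c],
                   (unsigned int)idxs[i],
                   rejects_minus_one(idxs[i], counts[c]),
                   rejects_plus_one(idxs[i], counts[c]),
                   rejects_signed(idxs[i], counts[c]),
                   rejects_ge(idxs[i], counts[c]));
    return 0;
}
```

The four forms agree for every non-empty table; only the empty-table rows differ, where the `b - 1` form accepts every index.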
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-38560
Hi

The upstream bug reference should be https://bugs.ghostscript.com/show_bug.cgi?id=706898, can you please correct that here as well in the CVE record?

Regards,
Salvatore
(In reply to Salvatore Bonaccorso from comment #6)
> Hi
>
> The upstream bug reference should be
> https://bugs.ghostscript.com/show_bug.cgi?id=706898, can you please correct
> that here as well in the CVE record?
>
> Regards,
> Salvatore

Fixed. Thanks!