Bug 2224368 (CVE-2023-38560) - CVE-2023-38560 ghostscript: Integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2023-38560
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2224375 2224376 2224377 2224378 2225381
Blocks: 2224370
Reported: 2023-07-20 14:50 UTC by Michael Kaplan
Modified: 2023-08-07 12:15 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
Clone Of:
Environment:
Last Closed: 2023-08-01 19:02:50 UTC
Embargoed:



Description Michael Kaplan 2023-07-20 14:50:26 UTC
An integer overflow in pcl/pl/plfont.c:418 in pl_glyph_name allows a local attacker to cause a denial of service via a crafted PCL file and transforming it to PDF format.

Comment 3 TEJ RATHI 2023-07-25 07:05:58 UTC
Created ghostscript tracking bugs for this issue:

Affects: fedora-all [bug 2225381]

Comment 4 Michael J Gruber 2023-07-25 10:17:05 UTC
(In reply to Michael Kaplan from comment #1)
> References:
> 
> https://bugs.ghostscript.com/show_bug.cgi?id=70689
> https://bugs.ghostscript.com/show_bug.cgi?id=706897
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174c

Strange fix that is:

If "a > b - 1" is a problem because a, b are unsigned then why not use "a + 1 > b"?

The fix relies implicitly on the fact that an "int" can fit a "u16", or else we get new problems ... (Can't comment on the original gs bug which is locked.)
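
The arithmetic behind comment 4, as an added example (not part of the comment and not the upstream ghostscript code). The function names and the reading of `a` as an index and `b` as an entry count are assumptions made for illustration; `past_end_plain` is an extra variant shown for comparison.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounds checks: each returns 1 when index a lies past the
 * last slot of a table holding b entries (that is, a >= b), else 0. */

/* "a > b - 1" on unsigned int: for b == 0 the subtraction wraps to
 * UINT_MAX, so no index is ever reported as out of range. */
static int past_end_sub(unsigned int a, unsigned int b)
{
    return a > b - 1;
}

/* "a + 1 > b": right for b == 0, but a == UINT_MAX wraps to 0, so the
 * wraparound moves to the other operand instead of disappearing. */
static int past_end_add(unsigned int a, unsigned int b)
{
    return a + 1 > b;
}

/* The same "b - 1" form with 16-bit operands: both are promoted to int
 * (assuming int is wider than 16 bits), so b - 1 is -1 rather than a
 * huge unsigned value. Correct only because int can hold every u16. */
static int past_end_u16(uint16_t a, uint16_t b)
{
    return a > b - 1;
}

/* No arithmetic on either operand: cannot wrap at any width. */
static int past_end_plain(unsigned int a, unsigned int b)
{
    return a >= b;
}

int main(void)
{
    printf("sub(0, 0)          = %d (want 1)\n", past_end_sub(0, 0));
    printf("add(0, 0)          = %d (want 1)\n", past_end_add(0, 0));
    printf("add(UINT_MAX, 10)  = %d (want 1)\n", past_end_add(UINT_MAX, 10));
    printf("u16(0, 0)          = %d (want 1)\n", past_end_u16(0, 0));
    printf("plain(UINT_MAX,10) = %d (want 1)\n", past_end_plain(UINT_MAX, 10));
    return 0;
}
```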

Comment 5 Product Security DevOps Team 2023-08-01 19:02:48 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-38560

Comment 6 Salvatore Bonaccorso 2023-08-04 04:07:58 UTC
Hi

The upstream bug reference should be https://bugs.ghostscript.com/show_bug.cgi?id=706898, can you please correct that here as well in the CVE record?

Regards,
Salvatore

Comment 7 Pedro Sampaio 2023-08-07 12:15:07 UTC
(In reply to Salvatore Bonaccorso from comment #6)
> Hi
> 
> The upstream bug reference should be
> https://bugs.ghostscript.com/show_bug.cgi?id=706898, can you please correct
> that here as well in the CVE record?
> 
> Regards,
> Salvatore

Fixed. Thanks!

