Multiple NULL pointer dereference deficiencies were found in the Ghostscript's JBIG2 compression format decoder. Opening a specially-crafted Portable Document Format (PDF) file would cause "pdf2ps" to crash. Note: This bug was discovered by PoC provided for the Adobe Reader 9.0 and Adobe Acrobat 9.0 CVE-2009-0658 flaw. PoC: http://milw0rm.com/sploits/2009-41414141.pdf References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658 http://www.milw0rm.com/exploits/8090 http://www.milw0rm.com/exploits/8099 http://bl4cksecurity.blogspot.com/2009/03/adobe-acrobatreader-universal-exploit.html http://milw0rm.com/exploits/8280 http://www.adobe.com/support/security/bulletins/apsb09-04.html http://www.adobe.com/support/security/advisories/apsa09-01.html
This issue does NOT affect the versions of the Ghostscript packages, as shipped with Red Hat Enterprise Linux 3 or 4. This issue affects the version of the Ghostscript package, as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of the Ghostscript packages, as shipped with Fedora releases of 9, 10, and 11.
Official statement from Red Hat regarding this bug: --------------------------------------------------- Red Hat does not consider bugs which result in a user-assisted crash of end user application (such as "pdf2ps") to be a security issue.
This has already been corrected in Fedora: * Thu Jun 04 2009 Tim Waugh <twaugh> 8.64-7 - Applied patch to fix NULL dereference in JBIG2 decoder (bug #503995). Using the attached patch (newer variants for 8.70 are in Fedora CVS: ghostscript-jbig2dec-nullderef.patch). CVE request: http://www.openwall.com/lists/oss-security/2009/10/26/4
A CVE name was never assigned to this and as we do not consider this a security flaw, I'm closing the bug.