Bug 503785 - Ghostscript: Multiple NULL pointer dereferences in JBIG2 decoder
Ghostscript: Multiple NULL pointer dereferences in JBIG2 decoder
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://www.milw0rm.com/exploits/8090
impact=low,public=20090223,reported=2...
: Security
Depends On: 503991 503992 503994 503995
Blocks: 501710 621118
  Show dependency treegraph
 
Reported: 2009-06-02 13:46 EDT by Jan Lieskovsky
Modified: 2016-03-04 07:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-21 17:40:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Suggested patch by Tim Waugh (3.51 KB, patch)
2009-06-02 13:49 EDT, Jan Lieskovsky
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2009-06-02 13:46:29 EDT
Multiple NULL pointer dereference deficiencies were found in the Ghostscript's JBIG2 compression format decoder. Opening a specially-crafted Portable Document
Format (PDF) file would cause "pdf2ps" to crash.

Note: This bug was discovered by PoC provided for the Adobe Reader 9.0
      and Adobe Acrobat 9.0 CVE-2009-0658 flaw.

PoC: 
http://milw0rm.com/sploits/2009-41414141.pdf

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658
http://www.milw0rm.com/exploits/8090
http://www.milw0rm.com/exploits/8099
http://bl4cksecurity.blogspot.com/2009/03/adobe-acrobatreader-universal-exploit.html
http://milw0rm.com/exploits/8280
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://www.adobe.com/support/security/advisories/apsa09-01.html
Comment 2 Jan Lieskovsky 2009-06-02 13:51:48 EDT
This issue does NOT affect the versions of the Ghostscript packages, as shipped
with Red Hat Enterprise Linux 3 or 4.

This issue affects the version of the Ghostscript package, as shipped
with Red Hat Enterprise Linux 5.

This issue affects the versions of the Ghostscript packages, as shipped
with Fedora releases of 9, 10, and 11.
Comment 3 Jan Lieskovsky 2009-06-03 13:46:31 EDT
Official statement from Red Hat regarding this bug:
---------------------------------------------------

Red Hat does not consider bugs which result in a user-assisted crash
of end user application (such as "pdf2ps") to be a security issue.
Comment 7 Vincent Danen 2009-10-26 18:19:54 EDT
This has already been corrected in Fedora:

* Thu Jun 04 2009 Tim Waugh <twaugh@redhat.com> 8.64-7
- Applied patch to fix NULL dereference in JBIG2 decoder (bug #503995). 

Using the attached patch (newer variants for 8.70 are in Fedora CVS: ghostscript-jbig2dec-nullderef.patch).

CVE request: http://www.openwall.com/lists/oss-security/2009/10/26/4
Comment 8 Vincent Danen 2010-12-21 17:40:37 EST
A CVE name was never assigned to this and as we do not consider this a security flaw, I'm closing the bug.

Note You need to log in before you can comment on or make changes to this bug.