Red Hat Bugzilla – Bug 503785
Ghostscript: Multiple NULL pointer dereferences in JBIG2 decoder
Last modified: 2016-03-04 07:11:11 EST
Multiple NULL pointer dereference deficiencies were found in the Ghostscript's JBIG2 compression format decoder. Opening a specially-crafted Portable Document
Format (PDF) file would cause "pdf2ps" to crash.
Note: This bug was discovered by PoC provided for the Adobe Reader 9.0
and Adobe Acrobat 9.0 CVE-2009-0658 flaw.
This issue does NOT affect the versions of the Ghostscript packages, as shipped
with Red Hat Enterprise Linux 3 or 4.
This issue affects the version of the Ghostscript package, as shipped
with Red Hat Enterprise Linux 5.
This issue affects the versions of the Ghostscript packages, as shipped
with Fedora releases of 9, 10, and 11.
Official statement from Red Hat regarding this bug:
Red Hat does not consider bugs which result in a user-assisted crash
of end user application (such as "pdf2ps") to be a security issue.
This has already been corrected in Fedora:
* Thu Jun 04 2009 Tim Waugh <firstname.lastname@example.org> 8.64-7
- Applied patch to fix NULL dereference in JBIG2 decoder (bug #503995).
Using the attached patch (newer variants for 8.70 are in Fedora CVS: ghostscript-jbig2dec-nullderef.patch).
CVE request: http://www.openwall.com/lists/oss-security/2009/10/26/4
A CVE name was never assigned to this and as we do not consider this a security flaw, I'm closing the bug.