Bug 582300 (CVE-2010-1869) - CVE-2010-1869 ghostscript: PS parser buffer overflow in token scanner
Summary: CVE-2010-1869 ghostscript: PS parser buffer overflow in token scanner
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2010-1869
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 582308
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-14 15:30 UTC by Vincent Danen
Modified: 2021-02-24 23:16 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-05-12 08:06:25 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Ghostscript 690902 0 None None None Never

Description Vincent Danen 2010-04-14 15:30:24 UTC
A buffer overflow vulnerability in Ghostscript's parser function was reported.  A specially crafted postscript file could result in the execution of arbitrary code if opened or printed (i.e. via CUPS).  Note that stack protections in the compiler render this into nothing more than a denial of service.  This has been corrected in upstream Ghostscript 8.71; at least 8.64 and 8.70 are affected by this issue.  Testing of Ghostscript 8.15 shows it does not suffer from this flaw.

Acknowledgements:

Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue.

Comment 1 Vincent Danen 2010-04-14 15:32:23 UTC
This issue does not affect Fedora 11 or higher as they provide Ghostscript 8.71.

This issue does not affect Red Hat Enterprise Linux 5 or earlier due to the older versions of Ghostscript (8.15 and older).

Comment 6 Tomas Hoger 2010-04-15 18:37:25 UTC
Relevant upstream bug and commit should be:
  http://bugs.ghostscript.com/show_bug.cgi?id=690902
  http://code.google.com/p/ghostscript/source/detail?r=10312

Comment 9 Tomas Hoger 2010-05-12 06:35:11 UTC
Public now via:
  http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html

Comment 10 Tomas Hoger 2010-05-12 06:36:28 UTC
Statement:

Not vulnerable.  This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.


Note You need to log in before you can comment on or make changes to this bug.