A buffer overflow vulnerability in Ghostscript's parser function was reported. A specially crafted postscript file could result in the execution of arbitrary code if opened or printed (i.e. via CUPS). Note that stack protections in the compiler render this into nothing more than a denial of service. This has been corrected in upstream Ghostscript 8.71; at least 8.64 and 8.70 are affected by this issue. Testing of Ghostscript 8.15 shows it does not suffer from this flaw.
Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue.
This issue does not affect Fedora 11 or higher as they provide Ghostscript 8.71.
This issue does not affect Red Hat Enterprise Linux 5 or earlier due to the older versions of Ghostscript (8.15 and older).
Relevant upstream bug and commit should be:
Public now via:
Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.