The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697459
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1441581]
NOTE: We're still waiting on upstream to provide a patch for this CVE.
Upstream fix : - Fix bug 697459 Buffer overflow in fill_threshold_buffer http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4