Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697762 Upstream patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
Created ghostscript tracking bugs for this issue: Affects: fedora-all [bug 1444945]
I can't reproduce this issue. It looks like this bug was introduced when adding a new scanner via http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=18ef67078eb63103ed5e0de627296cb86f493d42 The ghostscript versions we ship do not include this new scanner, thus should be unaffected by it.
Statement: This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue did not affect the versions of ghostscript as shipped with OpenShift Enterprise 2.