oss-sec mailing list archives
Re: CVE request: ghostscript
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Mon, 12 Jul 2010 13:18:57 -0400
Perhaps they're not identical, but they certainly seem related. I noticed that the upstream patch is for "psi/iscan.c", which is where the overflow for CVE-2010-1869 takes place, and both appear to be due to the same trivial case of long PostScript/PDF identifiers. In this case, the overflow appears to occur in the conversion of a PDF to a PostScript file. -Dan On Mon, Jul 12, 2010 at 1:00 PM, Vincent Danen <vdanen () redhat com> wrote:
* [2010-07-12 12:48:35 -0400] Dan Rosenberg wrote:I believe this is identical to CVE-2010-1869 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1869).They don't look identical to me. Patches differ, upstream bugs differ. Can't really do anything hands-on to test since the PoC attached to the upstream bug is private.On Mon, Jul 12, 2010 at 12:28 PM, Marc Deslauriers <marc.deslauriers () canonical com> wrote:Hi, I don't think this ever got a CVE: A memory corruption vulnerability in Ghostscript 8.64 and earlier caused by long names can lead to arbitrary code execution. http://bugs.ghostscript.com/show_bug.cgi?id=690523 http://svn.ghostscript.com/viewvc?view=rev&revision=9797-- Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: ghostscript Marc Deslauriers (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
- Re: CVE request: ghostscript Vincent Danen (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
- Re: CVE request: ghostscript Marc Deslauriers (Jul 12)
- Re: CVE request: ghostscript Josh Bressers (Jul 12)
- Re: CVE request: ghostscript Vincent Danen (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)