Bug#793489: ghostscript: CVE-2015-3228: Integer overflow



Package: ghostscript
Severity: important
Tags: security patch

Hi,

the following vulnerability was published for ghostscript.

CVE-2015-3228[0]: Integer overflow

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3228
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228
    Please adjust the affected versions in the BTS as needed.

All the versions in Debian are affected by the underlying problem
in the memory allocation (see
http://bugs.ghostscript.com/show_bug.cgi?id=696070) but experimental
(9.15~rc1~dfsg-1) does not trigger the segfault due to other changes.

You can reproduce the problem with this:
$ wget 'http://bugs.ghostscript.com/attachment.cgi?id=11776' -O /tmp/test.ps
$ ps2pdf /tmp/test.ps
Segmentation fault

The suggested patch is here:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

