Bug#869917: ghostscript: CVE-2017-9611: heap-buffer-overflow in Ins_MIRP(base/ttinterp.c)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#869917: ghostscript: CVE-2017-9611: heap-buffer-overflow in Ins_MIRP(base/ttinterp.c)
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 27 Jul 2017 17:26:23 +0200
Message-id: <[🔎] 150116918352.9694.7620516840562692896.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 869917@bugs.debian.org

Source: ghostscript
Version: 9.06~dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=698024

Hi,

the following vulnerability was published for ghostscript.

CVE-2017-9611[0]:
| The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript
| GhostXPS 9.22 allows remote attackers to cause a denial of service
| (heap-based buffer over-read and application crash) or possibly have
| unspecified other impact via a crafted document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9611
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9611
[1] https://bugs.ghostscript.com/show_bug.cgi?id=698024
[2] http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=c7c559727

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: Bug#869916: ghostscript: CVE-2017-9612: heap-use-after-free in Ins_IP(base/ttinterp.c)
Next by Date: Processed: severity of 869907 is grave, severity of 869910 is grave, severity of 869913 is grave ...
Previous by thread: Bug#869916: ghostscript: CVE-2017-9612: heap-use-after-free in Ins_IP(base/ttinterp.c)
Next by thread: Processed: severity of 869907 is grave, severity of 869910 is grave, severity of 869913 is grave ...
Index(es):
- Date
- Thread