FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ghostscript -- denial of service (crash) via crafted Postscript files

Affected packages
ghostscript7 < 7.07_32
ghostscript7-base < 7.07_32
ghostscript7-nox11 < 7.07_32
ghostscript7-x11 < 7.07_32
ghostscript8 < 8.71_19
ghostscript8-base < 8.71_19
ghostscript8-nox11 < 8.71_19
ghostscript8-x11 < 8.71_19
ghostscript9 < 9.06_11
ghostscript9-base < 9.06_11
ghostscript9-nox11 < 9.06_11
ghostscript9-x11 < 9.06_11
ghostscript9-agpl < 9.15_2
ghostscript9-agpl-nox11 < 9.15_2
ghostscript9-agpl-base < 9.16_2
ghostscript9-agpl-x11 < 9.16_2

Details

VuXML ID fc1f6658-4f53-11e5-934b-002590263bf5
Discovery 2015-06-17
Entry 2015-09-01
Modified 2015-09-02

MITRE reports:

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

[source]

References

CVE Name CVE-2015-3228
URL http://bugs.ghostscript.com/show_bug.cgi?id=696041
URL http://bugs.ghostscript.com/show_bug.cgi?id=696070
URL http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.