FreeBSD Bugzilla – Attachment 160538 Details for
Bug 202781
print/ghostscript7 *: security/vuxml: denial of service (crash) via crafted Postscript files (CVE-2015-3228)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
security/vuxml for ghostscript*
ghostscript_vuxml.diff (text/plain), 2.31 KB, created by
Jason Unovitch
on 2015-08-30 21:30:36 UTC
(
hide
)
Description:
security/vuxml for ghostscript*
Filename:
MIME Type:
Creator:
Jason Unovitch
Created:
2015-08-30 21:30:36 UTC
Size:
2.31 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 395638) >+++ vuln.xml (working copy) >@@ -58,6 +58,65 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="fc1f6658-4f53-11e5-934b-002590263bf5"> >+ <topic>ghostscript -- denial of service (crash) via crafted Postscript files</topic> >+ <affects> >+ <package> >+ <name>ghostscript7</name> >+ <name>ghostscript7-nox11</name> >+ <name>ghostscript7-base</name> >+ <name>ghostscript7-x11</name> >+ <range><lt>7.07_32</lt></range> >+ </package> >+ <package> >+ <name>ghostscript8</name> >+ <name>ghostscript8-nox11</name> >+ <name>ghostscript8-base</name> >+ <name>ghostscript8-x11</name> >+ <range><lt>8.71_19</lt></range> >+ </package> >+ <package> >+ <name>ghostscript9</name> >+ <name>ghostscript9-nox11</name> >+ <name>ghostscript9-base</name> >+ <name>ghostscript9-x11</name> >+ <range><lt>9.06_11</lt></range> >+ </package> >+ <package> >+ <name>ghostscript9-agpl</name> >+ <name>ghostscript9-agpl-nox11</name> >+ <range><lt>9.15_2</lt></range> >+ </package> >+ <package> >+ <name>ghostscript9-agpl-base</name> >+ <name>ghostscript9-agpl-x11</name> >+ <range><lt>9.16_2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>MITRE reports:</p> >+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228"> >+ <p>Integer overflow in the gs_heap_alloc_bytes function in >+ base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote >+ attackers to cause a denial of service (crash) via a crafted >+ Postscript (ps) file, as demonstrated by using the ps2pdf command, >+ which triggers an out-of-bounds read or write.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2015-3228</cvename> >+ <url>http://bugs.ghostscript.com/show_bug.cgi?id=696041</url> >+ <url>http://bugs.ghostscript.com/show_bug.cgi?id=696070</url> >+ <url>http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859</url> >+ </references> >+ <dates> >+ <discovery>2015-06-17</discovery> >+ <entry>2015-08-30</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="5300711b-4e61-11e5-9ad8-14dae9d210b8"> > <topic>graphviz -- format string vulnerability</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=160538">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202781
:
160537
| 160538