[Secure-testing-team] Bug#839846: ghostscript: type confusion in .initialize_dsc_parser allows remote code execution
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 5 17:49:01 UTC 2016
Source: ghostscript
Version: 9.19~dfsg-3
Severity: grave
Tags: security upstream patch
Forwarded: http://bugs.ghostscript.com/show_bug.cgi?id=697190
Hi
See:
Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
CVE Request: http://www.openwall.com/lists/oss-security/2016/10/05/7
Regards,
Salvatore
More information about the Secure-testing-team
mailing list