Date: Sun, 30 Aug 2015 21:18:13 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 202781] print/ghostscript7 *: security/vuxml: denial of service (crash) via crafted Postscript files (CVE-2015-3228)
Message-ID: <bug-202781-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202781

Bug ID: 202781
Summary: print/ghostscript7 *: security/vuxml: denial of service (crash) via crafted Postscript files (CVE-2015-3228)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-secteam@FreeBSD.org
Reporter: junovitch@freebsd.org
Flags: maintainer-feedback?(ports-secteam@FreeBSD.org)

Note this is already fixed in ports/head. We just need the documentation and a backport of the fix.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

--
You are receiving this mail because:
You are the assignee for the bug.