oss-sec mailing list archives
Re: CVE Request - multiple ghostscript -dSAFER sandbox problems
From: cve-assign () mitre org
Date: Tue, 11 Oct 2016 12:28:33 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Here is a different type confusion bug, originally I thought it was just a NULL dereference, but after seeing the patch it does look exploitable. id: http://bugs.ghostscript.com/show_bug.cgi?id=697203 patch: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78 repro: clear 16#41414141 .sethalftone5 Please assign a CVE for this one.
Use CVE-2016-8602. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX/RJMAAoJEHb/MwWLVhi2eRAP/0pY2yag9OtfjcTBqJ30efgV pdWeaaGnY/V793JA8TuygA4GfWlutx7wEHaIsO+FR4Ur3YD63r4Ru3dkMk5w6nHR GAKfKseZDGPx4vYHqmvMULmwmh97WkBZXgwSFmIP2Z7qBnXzTb0LphhvQLymZTDu gc/B8hlTRbjVKZk2nwq5VajG5I6zY776Ok0fN6TSkVkrN6QWTdzOHr7XsNw33fks a01IqHrb3kMeaOOTyyrnm1nCehz3yF7uqBJb7PzY28FFqeX6rKqB3hulkB+7Ulnn 7txIzxqdeHJHJjAG3Z0drfu0yoDcXXFl6aVSy/+2mxPs5H+CyTHzzmCkWdWDlw4y 6sJahKu+A/Q0yxsfqmFqc0wXQXv0/Db8hbaP5ZPa1Io9Hp3VqM/ZmGt0elsFWFq1 QcKV3TF35PfNJeR/5EuVBUCQLH017pA4ozT90qPYDTFAcbUZMH1PBlcNheLz10M4 XXFsaocBYbKDxcr22/cWiUWOTefDgkBdFTWzg5RxVLAEcY2/ov1KdwRmRF9O1X+h z/bwoD/HHbt3xTwoZ7zZuj8qK1hli2aoiIk4sGekwD0lmmbECyL1kSYpZORAXLG9 3adzKdoIQ+31rrubIoJbOrZVtv0O+/7ZfIAcJVMytz3seQH7QYP6BEgVGlH34v7d YgyQlr15jLLG5YrXRhQN =YVnm -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems, (continued)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Bob Friesenhahn (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Jakub Wilk (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Florian Weimer (Oct 05)
- Re: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Cedric Buissart (Oct 19)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 11)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems cve-assign (Oct 11)