Bug#860869: ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bug#860869: ghostscript: CVE-2016-10317: Heap-buffer overflow in the fill_threshold_buffer function

Salvatore Bonaccorso-4
Source: ghostscript
Version: 9.20~dfsg-3
Severity: important
Tags: upstream security
Forwarded: https://bugs.ghostscript.com/show_bug.cgi?id=697459

Hi,

the following vulnerability was published for ghostscript.

CVE-2016-10317[0]:
| The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex
| Software, Inc. Ghostscript 9.20 allows remote attackers to cause a
| denial of service (heap-based buffer overflow and application crash) or
| possibly have unspecified other impact via a crafted PostScript
| document.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10317
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10317
[1] https://bugs.ghostscript.com/show_bug.cgi?id=697459

The reproducer is not yet public available, and the severity should
probably be increased due to the heap buffer overflow. But we can
ammend once more details public.

Regards,
Salvatore

Loading...