Executive Summary
Summary | |
---|---|
Title | Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function |
Informations | |||
---|---|---|---|
Name | VU#538191 | First vendor Publication | 2010-10-12 |
Vendor | VU-CERT | Last vendor Modification | 2010-11-30 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#538191Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret functionOverviewThe gs_type2_interpret function which is a part of Ghostscript is prone to denial-of-service conditions.I. DescriptionGhostscript contains a function called gs_type2_interpret which is not performing null value error checking. A specially crafted document can cause Ghostscript to deference a null pointer, causing a denial-of-service condition.II. ImpactAn attacker may use a specially crafted document to cause a denial-of-service condition.III. SolutionUpgradeAccording to the vendor's release notes this has been fixed in revision 10590.
ReferencesThanks to Jonathan Brossard at P1 Code Security for reporting this vulnerability. This document was written by Michael Orlando.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/538191 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for ghostscript CESA-2012:0095 centos5 File : nvt/gb_CESA-2012_0095_ghostscript_centos5.nasl |
2012-07-30 | Name : CentOS Update for ghostscript CESA-2012:0095 centos6 File : nvt/gb_CESA-2012_0095_ghostscript_centos6.nasl |
2012-07-30 | Name : CentOS Update for ghostscript CESA-2012:0096 centos4 File : nvt/gb_CESA-2012_0096_ghostscript_centos4.nasl |
2012-02-03 | Name : RedHat Update for ghostscript RHSA-2012:0095-01 File : nvt/gb_RHSA-2012_0095-01_ghostscript.nasl |
2012-02-03 | Name : RedHat Update for ghostscript RHSA-2012:0096-01 File : nvt/gb_RHSA-2012_0096-01_ghostscript.nasl |
2012-01-09 | Name : Ubuntu Update for ghostscript USN-1317-1 File : nvt/gb_ubuntu_USN_1317_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69213 | Ghostscript gs_type2_interpret Function Compressed Data Stream Crafted Font D... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-17.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-42.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0095.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0096.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120202_ghostscript_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120202_ghostscript_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-04-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ghostscript-fonts-other-8063.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0095.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0096.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0095.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0096.nasl - Type : ACT_GATHER_INFO |
2012-01-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1317-1.nasl - Type : ACT_GATHER_INFO |