Vulnerability Note VU#538191
Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function
Overview
The gs_type2_interpret function which is a part of Ghostscript is prone to denial-of-service conditions.
Description
Ghostscript contains a function called gs_type2_interpret which is not performing null value error checking. A specially crafted document can cause Ghostscript to deference a null pointer, causing a denial-of-service condition. |
Impact
An attacker may use a specially crafted document to cause a denial-of-service condition. |
Solution
Upgrade According to the vendor's release notes this has been fixed in revision 10590. |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Artifex Software, Inc. | Affected | 29 Jul 2010 | 12 Oct 2010 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- None
Credit
Thanks to Jonathan Brossard at P1 Code Security for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
- CVE IDs: Unknown
- Date Public: 06 Jan 2010
- Date First Published: 12 Oct 2010
- Date Last Updated: 30 Nov 2010
- Severity Metric: 0.36
- Document Revision: 22
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.