Vulnerability Note VU#538191
Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function
The gs_type2_interpret function which is a part of Ghostscript is prone to denial-of-service conditions.
Ghostscript contains a function called gs_type2_interpret which is not performing null value error checking. A specially crafted document can cause Ghostscript to deference a null pointer, causing a denial-of-service condition.
An attacker may use a specially crafted document to cause a denial-of-service condition.
According to the vendor's release notes this has been fixed in revision 10590.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Artifex Software, Inc.||Affected||29 Jul 2010||12 Oct 2010|
CVSS Metrics (Learn More)
Thanks to Jonathan Brossard at P1 Code Security for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: Unknown
- Date Public: 06 Jan 2010
- Date First Published: 12 Oct 2010
- Date Last Updated: 30 Nov 2010
- Severity Metric: 0.36
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.