Vulnerability Note VU#538191

Ghostscript crashes when passing a null ipsp->ip value to the gs_type2_interpret function

Original Release date: 12 Oct 2010 | Last revised: 30 Nov 2010


The gs_type2_interpret function which is a part of Ghostscript is prone to denial-of-service conditions.


Ghostscript contains a function called gs_type2_interpret which is not performing null value error checking. A specially crafted document can cause Ghostscript to deference a null pointer, causing a denial-of-service condition.


An attacker may use a specially crafted document to cause a denial-of-service condition.



According to the vendor's release notes this has been fixed in revision 10590.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Artifex Software, Inc.Affected29 Jul 201012 Oct 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A


  • None


Thanks to Jonathan Brossard at P1 Code Security for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: Unknown
  • Date Public: 06 Jan 2010
  • Date First Published: 12 Oct 2010
  • Date Last Updated: 30 Nov 2010
  • Severity Metric: 0.36
  • Document Revision: 22


If you have feedback, comments, or additional information about this vulnerability, please send us email.