Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Tue, 02 Jun 2009 20:07:40 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws
 in JBIG2 decoder proved by PoC for CVE-2009-0658

Hello Steve,

  multiple NULL pointer dereference flaws were identified in the 
Ghostscript's JBIG compression format decoder (jbig2dec)
based on the PoC for recent Adobe Reader's 9.0, Adobe Acrobat's 9.0
(CVE-2009-0658) issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=501710
https://bugzilla.redhat.com/show_bug.cgi?id=503785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0658

PoC:
http://milw0rm.com/sploits/2009-41414141.pdf

Affected versions: All GPL-Ghostscript versions from ghostscript-8.10
                   (contains initial implementation of jbig2dec) up
                   to latest upstream 8.64 one.

Could you allocate a CVE id?

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux