Message-ID: <CAKG8Do7Eqdq8HpAqyBSBrAHUCrXnwWrhb3e8seQJZDYjNKeszw@mail.gmail.com>
Date: Tue, 13 Aug 2019 09:49:19 +0200
From: Cedric Buissart <cbuissar@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1

On Mon, Aug 12, 2019 at 4:48 PM Bob Friesenhahn
<bfriesen@...ple.dallas.tx.us> wrote:
>
> Is it known if this issue also impacts the PDF reader?  I see that the
> involved code is Resource/Init/gs_type1.ps which is presumably related
> to Postscript Type 1 fonts, which might be included in a PDF file.

My personal experience so far is that vulnerabilities that require
modifying error handlers do not work when embedded in a PDF.
That being said, maybe I am doing it wrong and there might be other ways.
I haven't made an attempt with that one so far.

>
> Bob
> --
> Bob Friesenhahn
> bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
> GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
> Public Key,     http://www.simplesystems.org/users/bfriesen/public-key.txt



--
Cedric Buissart,
Product Security
