exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ghostscript Stack Overflow

Ghostscript Stack Overflow
Posted May 12, 2010
Authored by Dan Rosenberg

Ghostscript suffers from code execution and stack overflow vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
advisories | CVE-2010-1869
SHA-256 | 3ae78b80a2f029d3507689c46f8386059dca772b84fc5bee89098e5fb38a420b

Ghostscript Stack Overflow

Change Mirror Download
===============================================================
Ghostscript, multiple arbitrary code execution vulnerabilities
May 11, 2010
CVE-2010-1869
===============================================================

==Description==

Ghostscript (www.ghostscript.com), an interpreter for the PostScript language,
is vulnerable to two memory corruption vulnerabilities:

1. A stack overflow in the parser for Ghostscript versions 8.64 and 8.70 occurs
when very long identifiers are provided within a PostScript file. By enticing
a user to open a maliciously crafted PostScript file, arbitrary code execution
can be achieved. This vulnerability was reported to downstream distributions
by me on March 4, 2010. An anonymous researcher independently published this
vulnerability today (May 11, 2010), prompting this advisory. This issue has
been assigned CVE-2010-1869.

2. GhostScript (all tested versions) fails to properly handle infinitely
recursive procedure invocations. By providing a PostScript file with a
sequence such as:

/A{pop 0 A 0} bind def
/product A 0

the interpreter's internal stack will be overflowed with recursive calls, at
which point execution will jump to an attacker-controlled address. This
vulnerability can be exploited by enticing a user to open a maliciously crafted
PostScript file, achieving arbitrary code execution. This issue has not yet
been assigned a CVE identifier.

==Solution==

In the absence of a patch, users are encouraged to discontinue use of
Ghostscript or avoid processing untrusted PostScript files.

==Credits==

These vulnerabilities were discovered by Dan Rosenberg
(dan.j.rosenberg@gmail.com).

==Timeline==

3/04/10 - Initial report to downstream distribution
5/11/10 - Anonymous researcher discloses first issue
5/11/10 - Disclosure

==References==

CVE identifier CVE-2010-1869 has been assigned to the first issue.

The original report for this bug can be found at:
https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close