Wednesday, December 1, 2010

Ghostscript Library: Integer Overflow, Heap Corruption, Remote Denial of Service Vulnerabilities

Users of the Ghostscript library, please be advised that integer overflow, heap corruption, and remote denial of service vulnerabilities have been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com

[TSSA-2010-01] Ghostscript library Ins_MINDEX() integer overflow and heap corruption

--[ Synopsis:

An off by one in the library libgs.so.8 shipped with Ghostscript in
versions <= 8.70 generates an integer overflow, which in turn
produces a heap corruption, resulting in a (remote) Denial of Service
(crash) in several applications using this library when processing a
specially crafted font.
This vulnerability cannot be exploited to execute arbitrary code under
GNU/Linux x86, to the best of our knowledge. Other targets, in
particular Windows, have not been tested and may or may not allow
execution of arbitrary code.