Описание
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
A flaw was found in Ghostscript. The runpdf command allowed the new C-based PDF interpreter to be invoked from within PS. With this, it can pass various flags and arguments (for example, see pdf_impl_set_param) normally passed via the command line when the PDF interpreter is invoked directly. Because PS-strings are not null-terminated, this issue will result in a heap buffer overflow when a value of PDFPassword is supplied with a NULL byte in the middle.
Отчет
This vulnerability in Ghostscript, while serious, is considered moderate rather than important due to several mitigating factors. First, exploitation requires specific conditions, including the ability to supply a crafted PS file with a malicious PDFPassword containing a NULL byte. This restricts the attack surface primarily to scenarios where untrusted PS files are processed. Additionally, the issue does not directly lead to remote code execution or privilege escalation without further exploitation techniques. Instead, it results in a heap buffer overflow, which can be challenging to exploit reliably due to modern memory protection mechanisms.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 6 | ghostscript | Out of support scope | ||
| Red Hat Enterprise Linux 7 | ghostscript | Out of support scope | ||
| Red Hat Enterprise Linux 8 | ghostscript | Not affected | ||
| Red Hat Enterprise Linux 8 | gimp:flatpak/ghostscript | Not affected | ||
| Red Hat Enterprise Linux 9 | ghostscript | Will not fix |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFP ...
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Уязвимость набора программного обеспечения для обработки, преобразования и генерации документов Ghostscript, связанная с переполнением буфера, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.4 Medium
CVSS3