SB2015073101 - Input validation error in ghostscript (Alpine package)
Published: July 31, 2015
Security Bulletin ID
SB2015073101
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2015-3228)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2e939e62766bb3312688de5c933788f9e86f4b6c
- https://git.alpinelinux.org/aports/commit/?id=6c275fa9475ad80a6e7801bf9356cb7acc22c654
- https://git.alpinelinux.org/aports/commit/?id=85d3c3bf7d2914b99cad25b6b45a73e5c8f7df54
- https://git.alpinelinux.org/aports/commit/?id=4562dbd2e017349035b31df017bee36d5d6b201b
- https://git.alpinelinux.org/aports/commit/?id=ca4a30adeb8a02a127c6030e2730f8ec7900c915