[gs-devel] [Fwd: Ghostscript buffer overflow]
Ralph Giles
giles at ghostscript.com
Thu May 22 12:23:07 PDT 2008
Thanks for the forward. This issue was addressed in r8520 and is part
of the 8.62 release.
-r
On 29-Feb-08, at 8:33 AM, Lee Howard wrote:
> The problem is a stack-based buffer overflow in the zseticcspace()
> function in zicc.c. The issue is over-trust of the length of a
> PostScript array which an attacker can set to an arbitrary length. One
> slight amusement is that the overflowed type is "float", leading to
> machine code -> float conversion in any exploit
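
The bug class named in the quoted report (a fixed-size float buffer on the stack, filled using a length taken from the document's own array), shown as an added example that is neither Ghostscript's code nor the r8520 change. The names ps_array, load_range_unsafe, load_range_checked, MAX_COMPS and the min/max-pair layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_COMPS 4               /* assumed cap on colour components */
#define RANGE_LEN (2 * MAX_COMPS) /* assumed layout: one min/max pair each */

/* Hypothetical stand-in for a PostScript array: len comes from the document. */
typedef struct {
    const float *elems;
    size_t len;
} ps_array;

/* Unsafe pattern: the loop bound is the array's own length, so an array
 * longer than RANGE_LEN writes float values past the caller's buffer. */
int load_range_unsafe(const ps_array *a, float out[RANGE_LEN])
{
    for (size_t i = 0; i < a->len; i++)
        out[i] = a->elems[i];     /* never compared with RANGE_LEN */
    return 0;
}

/* Checked form: the component count must fit the buffer, and the array
 * must hold exactly the number of elements that count implies. */
int load_range_checked(const ps_array *a, size_t ncomps, float out[RANGE_LEN])
{
    if (a == NULL || a->elems == NULL || out == NULL)
        return -1;
    if (ncomps == 0 || ncomps > MAX_COMPS)
        return -1;                /* would not fit the fixed buffer */
    if (a->len != 2 * ncomps)
        return -1;                /* length disagrees with the count */
    memcpy(out, a->elems, a->len * sizeof(float));
    return 0;
}

int main(void)
{
    float good[6] = {0, 1, 0, 1, 0, 1};  /* constructed: 3 components */
    float big[64] = {0};                 /* constructed: oversized array */
    float range[RANGE_LEN];              /* the fixed-size stack buffer */
    ps_array a = {good, 6}, b = {big, 64};

    printf("well-formed: %d\n", load_range_checked(&a, 3, range));
    printf("oversized:   %d\n", load_range_checked(&b, 3, range));
    return 0;
}
```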