[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3228Date: (C)2015-08-11   (M)2023-12-22


Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1033149
BID-76017
DSA-3326
GLSA-201612-33
USN-2697-1
http://openwall.com/lists/oss-security/2015/07/23/14
http://bugs.ghostscript.com/show_bug.cgi?id=696041
http://bugs.ghostscript.com/show_bug.cgi?id=696070
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=0c0b0859
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://bugzilla.redhat.com/show_bug.cgi?id=1232805

CWE    1
CWE-189
OVAL    5
oval:org.secpod.oval:def:89045353
oval:org.secpod.oval:def:26777
oval:org.secpod.oval:def:702687
oval:org.secpod.oval:def:52541
...

© SecPod Technologies