Vigil@nce: Ghostscript, memory corruption via PDF
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to see a malicious PDF document,
in order to stop Ghostscript, or to execute code.
– Severity: 2/4
– Creation date: 17/09/2010
DESCRIPTION OF THE VULNERABILITY
The Ghostscript program displays PDF or PostScript documents.
The file gs/base/ttinterp.c analyzes TrueType fonts. The TrueType
MINDEX instruction moves the indexed item to the top of the stack.
However, if the index is null, the Ins_MINDEX() function of the
ttinterp.c file uses an invalid memory address.
An attacker can therefore invite the victim to see a malicious PDF
document, in order to stop Ghostscript, or to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Ghostscript-memory-corruption-via-PDF-9950