[Bug 202781] print/ghostscript7 *: security/vuxml: denial of service (crash) via crafted Postscript files (CVE-2015-3228)

bugzilla-noreply at freebsd.org
Sun Aug 30 21:18:14 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202781

            Bug ID: 202781
           Summary: print/ghostscript7 *: security/vuxml: denial of
                    service (crash) via crafted Postscript files
                    (CVE-2015-3228)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam at FreeBSD.org
          Reporter: junovitch at freebsd.org
             Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)

Note this is already fixed in ports/head.  We just need the documentation and a
backport of the fix.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3228

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in
Ghostscript 9.15 and earlier allows remote attackers to cause a denial of
service (crash) via a crafted Postscript (ps) file, as demonstrated by using
the ps2pdf command, which triggers an out-of-bounds read or write.

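The class of defect named in the CVE text above, shown as an added illustration that is not Ghostscript's code and not part of the original report: an allocator that adds a bookkeeping header to the requested size, first with an unchecked sum and then with the overflow and limit checks. The header layout, the function names and the 32-bit size type are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bookkeeping header placed in front of every block. */
typedef struct blk_hdr {
    struct blk_hdr *next;
    uint32_t size;
} blk_hdr;

#define HDR ((uint32_t)sizeof(blk_hdr))

/* "Before": the sum is computed in 32 bits and silently wraps, so a huge
 * request turns into a tiny malloc() while the caller still assumes it
 * owns `size` bytes (the out-of-bounds read or write). */
static uint32_t total_unchecked(uint32_t size) {
    return size + HDR;
}

/* "After": refuse requests whose total would wrap or exceed the limit. */
static int total_checked(uint32_t size, uint32_t limit, uint32_t used,
                         uint32_t *total) {
    if (size > UINT32_MAX - HDR)
        return -1;                      /* size + HDR would wrap */
    *total = size + HDR;
    if (*total > limit || limit - *total < used)
        return -1;                      /* over the memory limit */
    return 0;
}

/* Hardened allocator: returns NULL instead of an undersized block. */
static void *heap_alloc_checked(uint32_t size, uint32_t limit, uint32_t *used) {
    uint32_t total;
    if (total_checked(size, limit, *used, &total) != 0)
        return NULL;
    blk_hdr *h = malloc(total);
    if (h == NULL)
        return NULL;
    h->next = NULL;
    h->size = size;
    *used += total;
    return h + 1;                       /* caller's data follows the header */
}

int main(void) {
    uint32_t used = 0, req = UINT32_MAX - 4;   /* constructed request size */
    printf("unchecked total for %u: %u bytes\n", req, total_unchecked(req));
    printf("checked alloc: %s\n",
           heap_alloc_checked(req, UINT32_MAX, &used) ? "ok" : "refused");
    return 0;
}
```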