=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN409
_____________________________________________________________________

DATE                      : 14/10/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Ghostscript.

======================================================================
http://www.kb.cert.org/vuls/id/538191
______________________________________________________________________

Vulnerability Note VU#538191

Ghostscript crashes when passing a null ipsp->ip value to the
gs_type2_interpret function

Overview
The gs_type2_interpret function, which is part of Ghostscript, is prone
to a denial-of-service condition.


I. Description
Ghostscript contains a function called gs_type2_interpret that does not
check for a null value. When a user opens a PDF file that causes a null
ipsp->ip value to be passed to the gs_type2_interpret function, the
application crashes with a segmentation fault.
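
The defect class described above, as an added example that is not
Ghostscript's code and not part of the original note: a simplified
charstring walker whose entry guard rejects a null ip with an error
instead of dereferencing it. The struct, function name and error codes
are hypothetical; only the ip field mirrors the note's ipsp->ip.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT Ghostscript source. All names are hypothetical
 * except `ip`, which mirrors the ipsp->ip field named in the note. */
enum { CS_OK = 0, CS_ERR_INVALIDFONT = -1 };
enum { OP_ENDCHAR = 14 };            /* Type 2 charstring endchar */

typedef struct {
    const unsigned char *ip;         /* next charstring byte; may be NULL */
    size_t len;                      /* bytes readable at ip */
} ip_frame;

/* Walks a charstring to endchar, skipping multi-byte number operands.
 * hintmask/cntrmask data bytes are not modelled. */
int interpret_charstring(const ip_frame *frame, size_t *consumed)
{
    /* The null check the note says was missing: fail, do not crash. */
    if (frame == NULL || frame->ip == NULL || consumed == NULL)
        return CS_ERR_INVALIDFONT;

    size_t i = 0;
    while (i < frame->len) {
        unsigned char b = frame->ip[i];
        size_t n = 1;                /* operator or one-byte number */
        if (b == 28) n = 3;          /* 16-bit integer operand */
        else if (b == 255) n = 5;    /* 16.16 fixed-point operand */
        else if (b >= 247 || b == 12) n = 2; /* 2-byte number or escape op */
        if (n > frame->len - i)
            return CS_ERR_INVALIDFONT;   /* operand runs past the buffer */
        i += n;
        if (b == OP_ENDCHAR) { *consumed = i; return CS_OK; }
    }
    return CS_ERR_INVALIDFONT;       /* no endchar before end of data */
}

int main(void)
{
    /* Constructed sample: two operands that embed byte 14, rmoveto, endchar. */
    static const unsigned char cs[] = { 0xF7, 0x0E, 28, 0x00, 0x0E, 21, 14 };
    ip_frame good = { cs, sizeof cs }, null_ip = { NULL, 0 };
    size_t used = 0;
    printf("valid:   rc=%d\n", interpret_charstring(&good, &used));
    printf("null ip: rc=%d\n", interpret_charstring(&null_ip, &used));
    return 0;
}
```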


II. Impact
An attacker may use a specially crafted document with a null ipsp->ip
value to cause a denial of service condition.


III. Solution

Upgrade

According to the vendor's release notes, this has been fixed in revision 10590.


Vendor Information
Vendor	Status	Date Notified	Date Updated
Artifex Software, Inc.	Affected	2010-07-29	2010-10-12


Credit

Thanks to Jonathan Brossard at P1 Code Security for reporting this vulnerability.

This document was written by Michael Orlando.


Other Information

Date Public:	2010-01-06
Date First Published:	2010-10-12
Date Last Updated:	2010-10-12
CERT Advisory:	
CVE-ID(s):	
NVD-ID(s):	
US-CERT Technical Alerts:	
Metric:	0.36
Document Revision:	18

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================
