Saturday, April 11, 2009

Ghostscript jbig2dec JBIG2 Processing Buffer Overflow

Description of Vulnerability
Secunia Research has discovered a vulnerability in Ghostscript, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a boundary error in the included jbig2dec library while decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

Successful exploitation may allow execution of arbitrary code.

Affected Software
* Ghostscript version 8.64
NOTE: Other versions may also be affected.

Do not process untrusted PDF files.

Discovered by Alin Rad Pop, Secunia Research

No comments:

Post a Comment