List:       oss-security
Subject:    Re: [oss-security] ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1
From:       Cedric Buissart <cbuissar () redhat ! com>
Date:       2019-08-13 7:49:19
Message-ID: CAKG8Do7Eqdq8HpAqyBSBrAHUCrXnwWrhb3e8seQJZDYjNKeszw () mail ! gmail ! com

On Mon, Aug 12, 2019 at 4:48 PM Bob Friesenhahn
<bfriesen@simple.dallas.tx.us> wrote:
>
> Is it known if this issue also impacts the PDF reader?  I see that the
> involved code is Resource/Init/gs_type1.ps which is presumably related
> to Postscript Type 1 fonts, which might be included in a PDF file.

My personal experience so far is that vulnerabilities that require
modifying error handlers do not work when embedded in a PDF.
That being said, maybe I am doing it wrong and there might be other ways.
I haven't made an attempt with that one so far.

>
> Bob
> --
> Bob Friesenhahn
> bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
> GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
> Public Key,     http://www.simplesystems.org/users/bfriesen/public-key.txt



--
Cedric Buissart,
Product Security