[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1
From: Cedric Buissart <cbuissar () redhat ! com>
Date: 2019-08-13 7:49:19
Message-ID: CAKG8Do7Eqdq8HpAqyBSBrAHUCrXnwWrhb3e8seQJZDYjNKeszw () mail ! gmail ! com
[Download RAW message or body]
On Mon, Aug 12, 2019 at 4:48 PM Bob Friesenhahn
<bfriesen@simple.dallas.tx.us> wrote:
>
> Is it known if this issue also impacts the PDF reader? I see that the
> involved code is Resource/Init/gs_type1.ps which is presumably related
> to Postscript Type 1 fonts, which might be included in a PDF file.
My personal experience so far is that vulnerabilities requiring to
modify error handlers do not work when embedded in a PDF.
That being said, maybe I do it wrong and there might be other ways.
I didn't have an attempt with that one so far.
>
> Bob
> --
> Bob Friesenhahn
> bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
> GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
> Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt
--
Cedric Buissart,
Product Security
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic