In association with heise online

11 April 2009, 16:22

Ghostscript comes unstuck with PDFs too

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Secunia, the security services provider, is warning of a critical vulnerability in Ghostscript that can be exploited by specially crafted PDF files. Ghostscript was originally an open source PostScript interpreter. PDF handling is a later addition.

Specially crafted PDF files can induce a heap-based buffer overflow while Ghostscript is decoding JBIG2 symbol dictionary segments. Adobe recently had to eliminate a similar bug in Adobe Reader. Secunia says the current version 8.64 of Ghostscript is affected, and evidently there is no bug fixed version yet. The Red Hat Linux distributor, however, gives a patch in its bug database that we hope will soon be incorporated into a new version.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit