Ghostscript comes unstuck with PDFs too
Secunia, the security services provider, is warning of a critical vulnerability in Ghostscript that can be exploited by specially crafted PDF files. Ghostscript was originally an open source PostScript interpreter. PDF handling is a later addition.
Specially crafted PDF files can trigger a heap-based buffer overflow while Ghostscript is decoding JBIG2 symbol dictionary segments. Adobe recently had to eliminate a similar bug in Adobe Reader. Secunia says the current version 8.64 of Ghostscript is affected, and evidently no fixed version is available yet. The Linux distributor Red Hat, however, provides a patch in its bug database that we hope will soon be incorporated into a new version.
See also:
- Ghostscript jbig2dec JBIG2 Processing Buffer Overflow, security advisory from Secunia Research.
(djwm)