Integer Overflow Vulnerability in Ghostscript by Artifex Software
CVE-2015-3228

Currently unrated

Key Information:

Vendor: Artifex
Status: Afpl Ghostscript
Vendor: CVE Published:; 11 August 2015

Summary

An integer overflow vulnerability exists in the gs_heap_alloc_bytes function located in base/gsmalloc.c of Ghostscript versions 9.15 and earlier. This flaw allows remote attackers to exploit crafted Postscript (ps) files, leading to denial of service through crashes caused by out-of-bounds read or write operations. It is essential for users of Ghostscript to apply available patches and updates to mitigate the risk associated with this vulnerability. Proper validation of input files is crucial to prevent exploitation.

References

http://www.debian.org/security/2015/dsa-3326

vendor-advisoryx_refsource_DEBIAN

http://bugs.ghostscript.com/show_bug.cgi?id=696070

x_refsource_CONFIRM

http://www.securitytracker.com/id/1033149

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Aug 11, 2015
Vulnerability Reserved
Apr 10, 2015