Bug 1032135 (CVE-2016-10218) - VUL-1: CVE-2016-10218: ghostscript,ghostscript-library: The pdf14_pop_transparency_group function in base/gdevp14.c in the PDFTransparency module in Artife...
Summary: VUL-1: CVE-2016-10218: ghostscript,ghostscript-library: The pdf14_pop_transpa...
Status: RESOLVED INVALID
Alias: CVE-2016-10218
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/182773/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-03 15:10 UTC by Marcus Meissner
Modified: 2020-01-27 15:42 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
gs_nullptr_pdf14_pop_transparency_group (46 bytes, application/octet-stream)
2017-04-03 15:10 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-04-03 15:10:09 UTC
CVE-2016-10218

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF
Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote
attackers to cause a denial of service (NULL pointer dereference and application
crash) via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10218
https://bugs.ghostscript.com/show_bug.cgi?id=697444
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
Comment 1 Marcus Meissner 2017-04-03 15:10:40 UTC
Created attachment 719661 [details]
gs_nullptr_pdf14_pop_transparency_group

QA REPRODUCER:

gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER gs_nullptr_pdf14_pop_transparency_group -c quit


should not crash
Comment 2 Marcus Meissner 2017-04-03 15:14:19 UTC
i was not able to crash it, not even on 9.20 on factory.
Comment 5 Marcus Meissner 2020-01-27 15:42:14 UTC
not reproducing