Back to search
CVE-2015-3228
Published: Aug 11, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3326
vendor-advisory
x_refsource_DEBIAN
http://bugs.ghostscript.com/show_bug.cgi?id=696070
x_refsource_CONFIRM
1033149
vdb-entry
x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=1232805
x_refsource_CONFIRM
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=0c0b0859
x_refsource_CONFIRM
http://bugs.ghostscript.com/show_bug.cgi?id=696041
x_refsource_CONFIRM
GLSA-201612-33
vendor-advisory
x_refsource_GENTOO
76017
vdb-entry
x_refsource_BID
USN-2697-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20150723 CVE-2015-3228 - Ghostscript - Integer overflow
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now