[Bug 1342312] [NEW] ghostscript hangs reading certain pdfs

Launchpad Bug Tracker 1342312 at bugs.launchpad.net
Wed Mar 18 08:55:57 UTC 2015 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Rolf Leggewie (r0lf):

On a few pdfs, gs hangs and uses 100% cpu forever.

This could be used as a denial of service through imagemagick which uses
ghostscript as a delegate, and commonly used in php etc... which is how
I found the issue.

The packages from utopic (9.14~dfsg-0ubuntu3) processes these pdfs
correctly.

To reproduce:
gs WaddellAndReedJCL0814ThirdHProvSE.pdf

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: ghostscript 9.10~dfsg-0ubuntu10.2
ProcVersionSignature: Ubuntu 3.13.0-30.55-generic 3.13.11.2
Uname: Linux 3.13.0-30-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CupsErrorLog:
 
CurrentDesktop: Unity
Date: Tue Jul 15 14:34:26 2014
InstallationDate: Installed on 2014-04-20 (86 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
Lpstat:
 device for Bizhub7222: socket://10.0.0.201:9100
 device for HP-Photosmart-6520-series: dnssd://Photosmart%206520%20series%20%5B1B47AD%5D._ipp._tcp.local/
MachineType: ASUSTeK COMPUTER INC. UX32VD
Papersize: letter
PpdFiles:
 HP-Photosmart-6520-series: HP Photosmart 6520 Series, hpcups 3.14.3
 Bizhub7222: HP LaserJet 5L - CUPS+Gutenprint v5.2.10-pre2
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-30-generic root=UUID=2f256b0b-ee87-463a-af04-e892e0be9192 ro quiet splash pcie_aspm=force drm.vblankoffdelay=1 i915.semaphores=1
SourcePackage: ghostscript
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 11/16/2012
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: UX32VD.213
dmi.board.asset.tag: ATN12345678901234567
dmi.board.name: UX32VD
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: 1.0
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: ASUSTeK COMPUTER INC.
dmi.chassis.version: 1.0
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrUX32VD.213:bd11/16/2012:svnASUSTeKCOMPUTERINC.:pnUX32VD:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnUX32VD:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:
dmi.product.name: UX32VD
dmi.product.version: 1.0
dmi.sys.vendor: ASUSTeK COMPUTER INC.

** Affects: ghostscript (Ubuntu)
     Importance: Low
         Status: Fix Released

** Affects: ghostscript (Ubuntu Trusty)
     Importance: Low
         Status: Confirmed


** Tags: amd64 apport-bug patch trusty
-- 
ghostscript hangs reading certain pdfs
https://bugs.launchpad.net/bugs/1342312
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list