CVE-2015-3228

2015-08-11 16:59:02 2017-09-21 03:29:06

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Artifex Afpl ghostscript 9.15 (not an official CPE)

Artifex - Afpl ghostscript

Advisory	Patch	Confirmed	Link
			76017
			1033149
			http://www.oracle.com/technetwork/topics/security/bullet...
			DSA-3326
			[oss-security] 20150723 CVE-2015-3228 - Ghostscript - In...
			http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;...
			http://bugs.ghostscript.com/show_bug.cgi?id=696070
			http://bugs.ghostscript.com/show_bug.cgi?id=696041
			USN-2697-1
			https://bugzilla.redhat.com/show_bug.cgi?id=1232805
			GLSA-201612-33

CVE-2015-3228

2015-08-11 16:59:02 2017-09-21 03:29:06

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)