Mageia Bugzilla – Attachment 9807 Details for
Bug 22052
ghostscript new security issues CVE-2017-6196, CVE-2017-7948, CVE-2017-8908, CVE-2017-9216, CVE-2017-961[089], CVE-2017-9620, CVE-2017-9740, CVE-2017-11714
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
List of POCs for various CVEs
report.171128 (text/plain), 2.30 KB, created by
Len Lawrence
on 2017-11-28 10:46:57 CET
(
hide
)
Description:
List of POCs for various CVEs
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2017-11-28 10:46:57 CET
Size:
2.30 KB
patch
obsolete
>Mageia 6 :: x86_64 :: 2017-11-28 > >CVE-2017-6196 >gs_uaf_i_free_object >https://bugs.ghostscript.com/show_bug.cgi?id=697596 >$ gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER gs_uaf_i_free_object -c quit >Unrecoverable error. >Afterwards: = > >CVE-2017-7948 >gs_oobw_cursor_output_inrange_tr >gs_oobw_mark_line_tr >https://bugs.ghostscript.com/show_bug.cgi?id=697762 >$ gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER gs_oobw_mark_line_tr -c quit >Could not find a font on the system. > >CVE-2017-8908 >gs_oobw_mark_line_tr >https://bugs.ghostscript.com/show_bug.cgi?id=697810 >$ gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER gs_oobr_mark_line_tr -c quit >Could not find font with name 0 >Afterwards: = > >CVE-2017-9216 >CVE-2017-9610 >u16 >https://bugs.ghostscript.com/show_bug.cgi?id=698025 >$ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE u16 >Segmentation fault (core dumped) >Afterwards: = > >CVE-2017-9618 >xpsfont_xps_load_sfnt_name >https://bugs.ghostscript.com/show_bug.cgi?id=698044 >$ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xpsfont_xps_load_sfnt_name >largest_free value = 696 is too large, cannot find room for size = 48 >largest_free value = 696 is too large, cannot find room for size = 168 >largest_free value = 696 is too large, cannot find room for size = 336 >largest_free value = 696 is too large, cannot find room for size = 96 >largest_free value = 696 is too large, cannot find room for size = 96 >largest_free value = 696 is too large, cannot find room for size = 480 >largest_free value = 696 is too large, cannot find room for size = 480 >Segmentation fault (core dumped) >Afterwards: = > >CVE-2017-9619 >xpsttf_u16 >https://bugs.ghostscript.com/show_bug.cgi?id=698042 >$ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xpsttf_u16 >Segmentation fault (core dumped) >Afterwards: = > >CVE-2017-9620 >xps_encode_font_char_imp >https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9620 >$ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xps_encode_font_char_imp >Segmentation fault (core dumped) >Afterwards: = > >CVE-2017-9740 >xps_decode_font_char_imp >https://bugs.ghostscript.com/show_bug.cgi?id=698064 >$ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xps_decode_font_char_imp >GPL Ghostscript 9.05: Failed to interpret TT instructions in font Unknown. Continue ignoring instructions of the font. >Afterwards: =
Mageia 6 :: x86_64 :: 2017-11-28 CVE-2017-6196 gs_uaf_i_free_object https://bugs.ghostscript.com/show_bug.cgi?id=697596 $ gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER gs_uaf_i_free_object -c quit Unrecoverable error. Afterwards: = CVE-2017-7948 gs_oobw_cursor_output_inrange_tr gs_oobw_mark_line_tr https://bugs.ghostscript.com/show_bug.cgi?id=697762 $ gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER gs_oobw_mark_line_tr -c quit Could not find a font on the system. CVE-2017-8908 gs_oobw_mark_line_tr https://bugs.ghostscript.com/show_bug.cgi?id=697810 $ gs -dNOPAUSE -sDEVICE=bit -sOUTPUTFILE=/dev/null -dSAFER gs_oobr_mark_line_tr -c quit Could not find font with name 0 Afterwards: = CVE-2017-9216 CVE-2017-9610 u16 https://bugs.ghostscript.com/show_bug.cgi?id=698025 $ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE u16 Segmentation fault (core dumped) Afterwards: = CVE-2017-9618 xpsfont_xps_load_sfnt_name https://bugs.ghostscript.com/show_bug.cgi?id=698044 $ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xpsfont_xps_load_sfnt_name largest_free value = 696 is too large, cannot find room for size = 48 largest_free value = 696 is too large, cannot find room for size = 168 largest_free value = 696 is too large, cannot find room for size = 336 largest_free value = 696 is too large, cannot find room for size = 96 largest_free value = 696 is too large, cannot find room for size = 96 largest_free value = 696 is too large, cannot find room for size = 480 largest_free value = 696 is too large, cannot find room for size = 480 Segmentation fault (core dumped) Afterwards: = CVE-2017-9619 xpsttf_u16 https://bugs.ghostscript.com/show_bug.cgi?id=698042 $ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xpsttf_u16 Segmentation fault (core dumped) Afterwards: = CVE-2017-9620 xps_encode_font_char_imp https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9620 $ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xps_encode_font_char_imp Segmentation fault (core dumped) Afterwards: = CVE-2017-9740 xps_decode_font_char_imp https://bugs.ghostscript.com/show_bug.cgi?id=698064 $ gxps -sDEVICE=pdfwrite -sOutputFile=/dev/null -dNOPAUSE xps_decode_font_char_imp GPL Ghostscript 9.05: Failed to interpret TT instructions in font Unknown. Continue ignoring instructions of the font. Afterwards: =
View Attachment As Raw
Actions:
View
Attachments on
bug 22052
: 9807