CVE-2015-3228 - Numeric Errors vulnerability in Artifex Afpl Ghostscript
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201612-33.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201612-33 (GPL Ghostscript: User-assisted execution of arbitrary code) An integer overflow flaw was discovered that leads to an out-of-bounds read and write in gs_ttf.ps. Impact : A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 95736
- published: 2016-12-13
- reporter: This script is Copyright (C) 2016 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/95736
- title: GLSA-201612-33 : GPL Ghostscript: User-assisted execution of arbitrary code
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201612-33.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(95736);
  script_version("$Revision: 3.1 $");
  script_cvs_date("$Date: 2016/12/13 18:01:19 $");

  script_cve_id("CVE-2015-3228");
  script_xref(name:"GLSA", value:"201612-33");

  script_name(english:"GLSA-201612-33 : GPL Ghostscript: User-assisted execution of arbitrary code");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201612-33
(GPL Ghostscript: User-assisted execution of arbitrary code)

    An integer overflow flaw was discovered that leads to an out-of-bounds
      read and write in gs_ttf.ps.

Impact :

    A remote attacker could entice a user to open a specially crafted file,
      possibly resulting in the execution of arbitrary code with the privileges
      of the process or a Denial of Service condition.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201612-33"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All GPL Ghostscript users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=app-text/ghostscript-gpl-9.09'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ghostscript-gpl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"app-text/ghostscript-gpl", unaffected:make_list("ge 9.09"), vulnerable:make_list("lt 9.09"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GPL Ghostscript");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2015-537.NASL
- description: Ghostscript was updated to fix one security issue. The following vulnerability was fixed : - CVE-2015-3228: Specially crafted files could have caused an integer overflow, resulting in a crash of the application or unspecified other impact (bsc#939342)
- last seen: 2020-06-05
- modified: 2015-08-07
- plugin id: 85260
- published: 2015-08-07
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/85260
- title: openSUSE Security Update : ghostscript (openSUSE-2015-537)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2016-427.NASL
- description: ghostscript was updated to fix one security issue and one bug. The following vulnerability was fixed : - CVE-2015-3228: Specially crafted ps files could have caused an out of bound read/write due to an integer overflow, causing a segfault in the application or having unspecified further impact. Also a non security bug was fixed : - fix a crash in mutex handling (bsc#963017) This update was imported from the SUSE:SLE-12:Update update project.
- last seen: 2020-06-05
- modified: 2016-04-07
- plugin id: 90381
- published: 2016-04-07
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/90381
- title: openSUSE Security Update : ghostscript (openSUSE-2016-427)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2016-0884-1.NASL
- description: ghostscript was updated to fix one security issue and one bug. The following vulnerability was fixed : - CVE-2015-3228: Specially crafted ps files could have caused an out of bound read/write due to an integer overflow, causing a segfault in the application or having unspecified further impact. Also a non security bug was fixed : - fix a crash in mutex handling (bsc#963017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 90187
- published: 2016-03-25
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/90187
- title: SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2016:0884-1)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2016-2493-1.NASL
- description: This update for ghostscript-library fixes the following issues : - Multiple security vulnerabilities have been discovered where ghostscript
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 94007
- published: 2016-10-12
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/94007
- title: SUSE SLES11 Security Update : ghostscript-library (SUSE-SU-2016:2493-1)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-3326.NASL
- description: William Robinet and Stefan Cornelius discovered an integer overflow in Ghostscript, the GPL PostScript/PDF interpreter, which may result in denial of service or potentially execution of arbitrary code if a specially crafted file is opened.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85165
- published: 2015-08-03
- reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85165
- title: Debian DSA-3326-1 : ghostscript - security update

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-280.NASL
- description: In gs_heap_alloc_bytes(), add a sanity check to ensure we don
- last seen: 2020-03-17
- modified: 2015-07-27
- plugin id: 84989
- published: 2015-07-27
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/84989
- title: Debian DLA-280-1 : ghostscript security update

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_FC1F66584F5311E5934B002590263BF5.NASL
- description: MITRE reports : Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85731
- published: 2015-09-02
- reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85731
- title: FreeBSD : ghostscript -- denial of service (crash) via crafted Postscript files (fc1f6658-4f53-11e5-934b-002590263bf5)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-2697-1.NASL
- description: William Robinet and Stefan Cornelius discovered that Ghostscript did not correctly handle certain Postscript files. If a user or automated system were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85155
- published: 2015-07-31
- reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85155
- title: Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ghostscript vulnerability (USN-2697-1)

- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2019-1088.NASL
- description: According to the version of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. (CVE-2015-3228) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 122710
- published: 2019-03-08
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/122710
- title: EulerOS Virtualization 2.5.2 : ghostscript (EulerOS-SA-2019-1088)

- NASL family: Huawei Local Security Checks
- NASL id: EULEROS_SA-2019-1177.NASL
- description: According to the version of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An integer overflow flaw was discovered in one of Ghostscript
- last seen: 2020-03-19
- modified: 2019-04-09
- plugin id: 123863
- published: 2019-04-09
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/123863
- title: EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1177)

References
- http://bugs.ghostscript.com/show_bug.cgi?id=696041
- http://bugs.ghostscript.com/show_bug.cgi?id=696070
- http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=0c0b0859
- http://openwall.com/lists/oss-security/2015/07/23/14
- http://www.debian.org/security/2015/dsa-3326
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/76017
- http://www.securitytracker.com/id/1033149
- http://www.ubuntu.com/usn/USN-2697-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1232805
- https://security.gentoo.org/glsa/201612-33