CVE-2015-3228: Improper Restriction of Operations within the Bounds of a Memory Buffer in Afpl Ghostscript

Severity: 6.8 MEDIUM (NVD)
EPSS: 1.0% (top 23.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 11; latest update May 17

Description

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

Debian artifex/ghostscript < 9.15~dfsg-1+3

Vulnerability Details (3)

GHSA: GHSA-jf9j-9gh2-gp45: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc (2022-05-17)
CVEList: CVE-2015-3228: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc (2015-08-11)
OSV: CVE-2015-3228: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc (2015-08-11)

Vendor Advisories (3)

Ubuntu: Ghostscript vulnerability (2015-07-30)
Red Hat: ghostscript-core: out-of-bounbds read and write in gs_ttf.ps (2015-07-23)
Debian: CVE-2015-3228: ghostscript - Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghost... (2015)

Community (1)

Bugzilla: CVE-2015-3228 ghostscript-core: out-of-bounbds read and write in gs_ttf.ps (2015-06-17)
CVE-2015-3228 — Artifex Afpl Ghostscript vulnerability | cvebase