| Título | ArtifexSoftware GhostPDL 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 NULL Pointer Dereference |
|---|
| Descrição | We recently identified a bug in the latest version of the GhostPDL project. In devices/vector/gdevpdf.c, a null pointer dereference exception is triggered on line 2912, in the pdf_ferrorfunction. The cause appears to originate from the pdf_open function on line 2003, where the presence of a parent device causes the code to skip file initialization, leaving pdev->file as null. Later, pdf_ferror unconditionally calls gp_fflush(pdev->file) without checking for null, inducing the crash. The below reference lines may be helpful:
https://github.com/ArtifexSoftware/ghostpdl/blob/22ba380480b6afe32331bc7ce918c2123fb89ae3/devices/vector/gdevpdf.c#L2912
https://github.com/ArtifexSoftware/ghostpdl/blob/22ba380480b6afe32331bc7ce918c2123fb89ae3/devices/vector/gdevpdf.c#L2003
The team has already fixed this issue in this commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=619a106ba4c4 |
|---|
| Utilizador | CyberGym (UID 87553) |
|---|
| Submissão | 06/07/2025 20h14 (há 11 meses) |
|---|
| Moderação | 11/07/2025 13h29 (5 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 316113 [Artifex GhostPDL até 3989415a5b8e99b9d1b87cc9902bde9b7cdea145 New Output File Open Error devices/vector/gdevpdf.c pdf_ferror Negação de Serviço] |
|---|
| Pontos | 17 |
|---|