Artifex GhostPDL Null Pointer Dereference Vulnerability in New Output File Open Error Handler

A null pointer dereference vulnerability has been identified in Artifex GhostPDL versions prior to the commit 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. The issue arises in the 'pdf_ferror' function within 'devices/vector/gdevpdf.c', specifically in the New Output File Open Error Handler component. The vulnerability can be exploited remotely, leading to a crash or unexpected behavior of the application.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which typically results in a crash or termination of the application.

Reproduction

The vulnerability can be reproduced by invoking the 'pdf_ferror' function on a 'gx_device_pdf' object that has not properly initialized its file pointer. This can occur if the 'pdf_open' function is called with a parent device, causing the file initialization to be skipped. As a result, 'pdev->file' remains null, and when 'pdf_ferror' is called, it attempts to flush the null file pointer, triggering the dereference error.

Remediation

Users are advised to update to the version containing the patch identified by the commit hash '619a106ba4c4abed95110f84d5efcd7aee38c7cb'.