ox ruby gem segmentation fault via parse_obj
Published: October 27, 2017
SECURITY IDENTIFIERS
- CVE: CVE-2017-15928 (NVD)
- GHSA: GHSA-pjj4-w39g-pw54
- Vendor Advisory: https://github.com/ohler55/ox/issues/194
GEM
SEVERITY
PATCHED VERSIONS
>= 2.8.1
DESCRIPTION
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.