MDVSA-2009:311 -- Mandriva ghostscriptID: oval:org.secpod.oval:def:300532 | Date: (C)2012-01-07 (M)2023-12-26 |
Class: PATCH | Family: unix |
Multiple security vulnerabilities has been identified and fixed in ghostscript: A buffer underflow in Ghostscript"s CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file . Buffer overflow in Ghostscript"s BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted Postscript file . Multiple interger overflows in Ghostsript"s International Color Consortium Format Library allows attackers to cause denial of service and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images . Multiple interger overflows in Ghostsript"s International Color Consortium Format Library allows attackers to cause denial of service and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 . Heap-based overflow in Ghostscript"s JBIG2 decoding library allows attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file . Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation . Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf . Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for that vulnerabilities.
Platform: |
Mandriva Linux 2008.0 |