[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

MDVSA-2009:311 -- Mandriva ghostscript

ID: oval:org.secpod.oval:def:300532Date: (C)2012-01-07   (M)2023-12-26
Class: PATCHFamily: unix




Multiple security vulnerabilities has been identified and fixed in ghostscript: A buffer underflow in Ghostscript"s CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file . Buffer overflow in Ghostscript"s BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted Postscript file . Multiple interger overflows in Ghostsript"s International Color Consortium Format Library allows attackers to cause denial of service and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images . Multiple interger overflows in Ghostsript"s International Color Consortium Format Library allows attackers to cause denial of service and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 . Heap-based overflow in Ghostscript"s JBIG2 decoding library allows attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file . Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation . Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf . Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for that vulnerabilities.

Platform:
Mandriva Linux 2008.0
Product:
ghostscript
Reference:
MDVSA-2009:311
CVE-2009-0792
CVE-2009-0584
CVE-2009-0583
CVE-2009-0196
CVE-2008-6679
CVE-2008-3522
CVE-2008-3520
CVE-2007-6725
CVE    8
CVE-2007-6725
CVE-2008-3520
CVE-2008-3522
CVE-2008-6679
...
CPE    1
cpe:/o:mandriva:linux:2008.0

© SecPod Technologies