[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-757-1 -- Ghostscript vulnerabilities

ID: oval:org.secpod.oval:def:700473Date: (C)2011-05-13   (M)2017-10-04
Class: PATCHFamily: unix




It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript contained a buffer overflow in the BaseFont writer module. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript contained additional integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the jbig2dec library. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. USN-743-1 provided updated ghostscript and gs-gpl packages to fix two security vulnerabilities. This update corrects the same vulnerabilities in the gs-esp package. Original advisory details: It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript did not properly perform bounds checking in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program

Platform:
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product:
Ghostscript
Reference:
USN-757-1
CVE-2007-6725
CVE-2008-6679
CVE-2009-0196
CVE-2009-0583
CVE-2009-0584
CVE-2009-0792
CVE    6
CVE-2007-6725
CVE-2008-6679
CVE-2009-0196
CVE-2009-0583
...
CPE    1
cpe:/o:ubuntu:ubuntu_linux:8.04

© 2013 SecPod Technologies