Vulnerabilites related to ghostscript - ghostscript
Vulnerability from fkie_nvd
Published
2009-04-08 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript | 8.60 | |
| ghostscript | ghostscript | 8.61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*",
"matchCriteriaId": "7B283683-D924-4C69-87F3-355ECC0DBA4B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*",
"matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function."
},
{
"lang": "es",
"value": "El filtro de decodificar CCITTFax en Ghostscript v8.60, v8.61, y posiblemente otras versiones, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de un fichero PDF modificado que provoca un desbordamiento inferior de b\u00fafer en la funci\u00f3n cf_decode_2d."
}
],
"id": "CVE-2007-6725",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-08T16:30:00.377",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34726"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "cve@mitre.org",
"url": "http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34337"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/757-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-12-21 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript | 8.64 | |
| ghostscript | ghostscript | 8.70 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.64:*:*:*:*:*:*:*",
"matchCriteriaId": "70F9B613-59A2-4B38-AA0D-FF2ED9C30A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.70:*:*:*:*:*:*:*",
"matchCriteriaId": "51FF58BE-045F-4333-B96A-380B869C76AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n errprintf en base/gsmisc.c en ghostscript v8.64 hasta v8.70 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y probablemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero PDF modificado, como inicialmente se report\u00f3 por c\u00f3digo de registro de depuraci\u00f3n en gdevcups.c en el controlador de salida CUPS."
}
],
"id": "CVE-2009-4270",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-12-21T16:30:00.420",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/61140"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37851"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/40580"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37410"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-961-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3597"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/40580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/37410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-961-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
"lastModified": "2009-12-22T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-28 21:44
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*",
"matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*",
"matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*",
"matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*",
"matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*",
"matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*",
"matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*",
"matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
"matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
"matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
"matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
"matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
"matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*",
"matchCriteriaId": "EFB8DE9F-2130-49E9-85EE-6793ED9FBEED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.0_x86_64:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4784E4-24D1-4E22-B880-846F21F52F73",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19D64247-F0A0-4984-84EA-B63FC901F002",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7AD2F3-451D-4F37-A6F3-DE676804BBA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrakesoft_corporate_server:3.0_x86_64:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8AA83A-C1D6-486F-A765-065E3BCAAC3F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrakesoft_corporate_server:4.0_x86_64:*:*:*:*:*:*:*",
"matchCriteriaId": "DD9BC765-C645-417C-A01C-AD37AE9DC81E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:desktop:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8CB34E-02FE-4F90-9642-B56D3B3ACEF6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:desktop:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB2579A-2BC9-4E16-9641-248222301660",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*",
"matchCriteriaId": "5833A489-D6DE-4D51-9E74-189CBC2E28CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:as_3:*:*:*:*:*:*:*",
"matchCriteriaId": "421C0021-66EB-4F4C-9D79-6366A4702CC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:as_4:*:*:*:*:*:*:*",
"matchCriteriaId": "F23BD8DF-6E8E-4DF2-A700-8E050D967547",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:es_3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0FE33D-756C-449F-B54C-8677C9AD002D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:es_4:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF1F027-C9FF-4583-AB40-E0B757F9EE41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA8914F-DB6D-4C21-A727-8B94BE0424BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:ws_4:*:*:*:*:*:*:*",
"matchCriteriaId": "B18EBE6E-482D-435D-851C-73EC301F0A26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*",
"matchCriteriaId": "AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_workstation:5:*:client:*:*:*:*:*",
"matchCriteriaId": "0E22A48D-9770-4BEC-BFA7-F9BD8C31AC44",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD12BC0-1E50-49C6-AD0D-8CE90F0E8449",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:novell_linux_pos:9:*:*:*:*:*:*:*",
"matchCriteriaId": "C1197AF2-7BAE-4035-8C56-885CD12BDB6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:open_suse:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A876EFC5-50DC-4A6A-A9F2-24D8AC773E7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:open_suse:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D71E02A6-5F83-46EC-88C1-687E6EB88F5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "F7446746-87B7-4BD3-AABF-1E0FAA8265AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_desktop:*:*:*:*:*",
"matchCriteriaId": "C4F119BA-1FCA-41DF-B834-62F14CA8816E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10:sp1:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "26B6132C-4FF0-4359-B0A6-BBA4ED73E1D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "84B05DB5-3BF9-4576-970B-A1701FC369AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:x86:*:*:*:*:*",
"matchCriteriaId": "F15CDDE2-BA9E-4B8D-8B01-21494360290E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_linux:10.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "5B367EE1-EB53-4DC6-B154-FFA99060DA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:suse:suse_open_enterprise_server:0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B0E781-64D4-4C1B-A8DE-9EB9ECC7F0F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*",
"matchCriteriaId": "838F2E76-9050-499F-AE47-5EF3AB7104A3",
"versionEndIncluding": "8.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*",
"matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*",
"matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*",
"matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*",
"matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*",
"matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*",
"matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*",
"matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
"matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
"matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
"matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
"matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
"matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*",
"matchCriteriaId": "EFB8DE9F-2130-49E9-85EE-6793ED9FBEED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E68242D-465A-443F-9D25-BE57F9080394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace."
}
],
"id": "CVE-2008-0411",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-28T21:44:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://scary.beasts.org/security/CESA-2008-001.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29101"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29103"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29112"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29135"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29147"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29154"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29169"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29196"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29314"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29768"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1510"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
},
{
"source": "secalert@redhat.com",
"tags": [
"URL Repurposed"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28017"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1019511"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-599-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://www.vupen.com/english/advisories/2008/0693/references"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-2217"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://scary.beasts.org/security/CESA-2008-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://secunia.com/advisories/29768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"URL Repurposed"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/28017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id?1019511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-599-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.vupen.com/english/advisories/2008/0693/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://issues.rpath.com/browse/RPL-2217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-14 16:26
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript | * | |
| ghostscript | ghostscript | 5.50 | |
| ghostscript | ghostscript | 7.05 | |
| ghostscript | ghostscript | 7.07 | |
| ghostscript | ghostscript | 8.0.1 | |
| ghostscript | ghostscript | 8.15 | |
| ghostscript | ghostscript | 8.15.2 | |
| ghostscript | ghostscript | 8.54 | |
| ghostscript | ghostscript | 8.56 | |
| ghostscript | ghostscript | 8.57 | |
| ghostscript | ghostscript | 8.61 | |
| ghostscript | ghostscript | 8.62 | |
| ghostscript | ghostscript | 8.63 | |
| argyllcms | argyllcms | * | |
| argyllcms | argyllcms | 0.1.0 | |
| argyllcms | argyllcms | 0.2.0 | |
| argyllcms | argyllcms | 0.2.1 | |
| argyllcms | argyllcms | 0.2.2 | |
| argyllcms | argyllcms | 0.3.0 | |
| argyllcms | argyllcms | 0.6.0 | |
| argyllcms | argyllcms | 0.7.0 | |
| argyllcms | argyllcms | 1.0.0 | |
| argyllcms | argyllcms | 1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04",
"versionEndIncluding": "8.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A9ECC8F7-93FD-427D-8395-F1B025CA4322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*",
"matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C8C3057C-9207-4BCD-88D4-625BE0EFAE85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0589F5F-9A14-4664-96E2-D3AD5B1C4907",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87EEDC44-2DEB-4C76-9B28-322093F2F8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC777BB-79B6-41F4-8756-E53630198D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E685ACA-3C9C-4A65-BCE4-3D4F663C938E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56941499-5BD0-4222-AD6C-D36DA165A02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "746233CB-AC91-404E-9763-797AD1DCAF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "787A9326-05FB-4766-A8F5-06C31763D2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*",
"matchCriteriaId": "90A92F2B-E055-4FBF-BE3F-E115590F2685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E228BF5-1FD4-4507-8451-82975E209FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1C3135-314E-48F7-A2A3-FC7FF071D1F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de entero en icc.c en el International Color Consortium (ICC) Format library (tambi\u00e9n conocido como icclib), como lo utilizado en Ghostscript v8.64 y versiones anteriores y Argyll Color Management System (CMS) v1.0.3 y versiones anteriores, permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (desbordamiento de b\u00fafer basado en mont\u00edculo y ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n utilizado un fichero de dispositivo para una petici\u00f3n de traducci\u00f3n que opera en un fichero de imagen manipulado y tiene como objetivo un determinado \"espacio de color nativo,\" relacionado con un perfil ICC en un (1) PostScript o (2) fichero PDF file with embedded image con im\u00e1genes embebidas.\r\nNOTA: esta cuesti\u00f3n existe debido a una modificaci\u00f3n inicial imcompleta de CVE-2009-0583."
}
],
"id": "CVE-2009-0792",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-14T16:26:56.110",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34373"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34667"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34711"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34726"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-23 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript | * | |
| ghostscript | ghostscript | 5.50 | |
| ghostscript | ghostscript | 7.05 | |
| ghostscript | ghostscript | 7.07 | |
| ghostscript | ghostscript | 8.0.1 | |
| ghostscript | ghostscript | 8.15 | |
| ghostscript | ghostscript | 8.15.2 | |
| ghostscript | ghostscript | 8.54 | |
| ghostscript | ghostscript | 8.56 | |
| ghostscript | ghostscript | 8.57 | |
| ghostscript | ghostscript | 8.61 | |
| ghostscript | ghostscript | 8.62 | |
| ghostscript | ghostscript | 8.63 | |
| argyllcms | argyllcms | * | |
| argyllcms | argyllcms | 0.1.0 | |
| argyllcms | argyllcms | 0.2.0 | |
| argyllcms | argyllcms | 0.2.1 | |
| argyllcms | argyllcms | 0.2.2 | |
| argyllcms | argyllcms | 0.3.0 | |
| argyllcms | argyllcms | 0.6.0 | |
| argyllcms | argyllcms | 0.7.0 | |
| argyllcms | argyllcms | 1.0.0 | |
| argyllcms | argyllcms | 1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04",
"versionEndIncluding": "8.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A9ECC8F7-93FD-427D-8395-F1B025CA4322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*",
"matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C8C3057C-9207-4BCD-88D4-625BE0EFAE85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0589F5F-9A14-4664-96E2-D3AD5B1C4907",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87EEDC44-2DEB-4C76-9B28-322093F2F8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC777BB-79B6-41F4-8756-E53630198D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E685ACA-3C9C-4A65-BCE4-3D4F663C938E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56941499-5BD0-4222-AD6C-D36DA165A02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "746233CB-AC91-404E-9763-797AD1DCAF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "787A9326-05FB-4766-A8F5-06C31763D2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:0.7.0:beta_8:*:*:*:*:*:*",
"matchCriteriaId": "90A92F2B-E055-4FBF-BE3F-E115590F2685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E228BF5-1FD4-4507-8451-82975E209FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:argyllcms:argyllcms:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1C3135-314E-48F7-A2A3-FC7FF071D1F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de enteros en icc.c en la libreria de formatos (alias icclib) del International Color Consortium (ICC), tal como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permiten causar una denegaci\u00f3n de servicio (con desbordamiento de b\u00fafer basado en pila y ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes de contexto y posiblemente ejecutar c\u00f3digo arbitrario por medio de un fichero de dispositivo para una solicitud de traducci\u00f3n que opera en un archivo de imagen creado y se dirige a un determinado \"espacio de color nativo\", en relaci\u00f3n con un perfil ICC en un (1) PostScript o (2) archivo PDF con im\u00e1genes incrustadas."
}
],
"id": "CVE-2009-0583",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-23T20:00:00.343",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34266"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34373"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34381"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34393"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34398"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34418"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34437"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34443"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34469"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1021868"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/34184"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-743-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-743-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-03-23 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| argyllcms | cms | * | |
| ghostscript | ghostscript | * | |
| ghostscript | ghostscript | 0 | |
| ghostscript | ghostscript | 5.50 | |
| ghostscript | ghostscript | 7.05 | |
| ghostscript | ghostscript | 7.07 | |
| ghostscript | ghostscript | 8.0.1 | |
| ghostscript | ghostscript | 8.15 | |
| ghostscript | ghostscript | 8.15.2 | |
| ghostscript | ghostscript | 8.54 | |
| ghostscript | ghostscript | 8.56 | |
| ghostscript | ghostscript | 8.57 | |
| ghostscript | ghostscript | 8.60 | |
| ghostscript | ghostscript | 8.61 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:argyllcms:cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E37C8B4A-24A1-420A-A82F-190B3D343C68",
"versionEndIncluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04",
"versionEndIncluding": "8.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E68242D-465A-443F-9D25-BE57F9080394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A9ECC8F7-93FD-427D-8395-F1B025CA4322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*",
"matchCriteriaId": "7B283683-D924-4C69-87F3-355ECC0DBA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*",
"matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
},
{
"lang": "es",
"value": "icc.c, perteneciente a la librer\u00eda de formatos del International Color Consortium (ICC) (alias icclib), tal y como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permite causar una denegaci\u00f3n de servicio (con ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes de contexto, o posiblemente ejecutar c\u00f3digo arbitrario por medio de un fichero de dispositivo dise\u00f1ado para procesar archivos de imagen con modificaciones relacionadas con valores enteros grandes para determinados tama\u00f1os, en relaci\u00f3n con un perfil ICC en un (1) PostScript o (2) un archivo PDF con im\u00e1genes incrustadas."
}
],
"id": "CVE-2009-0584",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-23T20:00:00.377",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/52988"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34266"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34373"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34381"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34393"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34398"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34418"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34437"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34443"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34469"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1021868"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/34184"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-743-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34418"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-743-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-08 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript | 8.62 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el m\u00f3dulo de escritura BaseFont en Ghostscript v8.62, y posiblemente otras versiones, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda ps2pdf) y posiblemente ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de un fichero Postscript."
}
],
"id": "CVE-2008-6679",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-08T16:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34667"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-16 15:12
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript | * | |
| ghostscript | ghostscript | 0 | |
| ghostscript | ghostscript | 5.50 | |
| ghostscript | ghostscript | 7.07 | |
| ghostscript | ghostscript | 8.0.1 | |
| ghostscript | ghostscript | 8.15 | |
| ghostscript | ghostscript | 8.15.2 | |
| ghostscript | ghostscript | 8.54 | |
| ghostscript | ghostscript | 8.56 | |
| ghostscript | ghostscript | 8.57 | |
| ghostscript | ghostscript | 8.60 | |
| ghostscript | ghostscript | 8.61 | |
| ghostscript | ghostscript | 8.62 | |
| ghostscript | ghostscript | 8.63 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04",
"versionEndIncluding": "8.64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E68242D-465A-443F-9D25-BE57F9080394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*",
"matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*",
"matchCriteriaId": "7B283683-D924-4C69-87F3-355ECC0DBA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*",
"matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*",
"matchCriteriaId": "C8C3057C-9207-4BCD-88D4-625BE0EFAE85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n big2_decode_symbol_dict (jbig2_symbol_dict.c) en la librer\u00eda de decodificaci\u00f3n JBIG2 (jbig2dec) en Ghostscript 8.64 y posiblemente versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero PDF que contenga un segmento de diccionario de s\u00edmbolos JBIG2 con un valor grande de longitud de repetici\u00f3n(run length)."
}
],
"id": "CVE-2009-0196",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-16T15:12:57.343",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/53492"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34292"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/34667"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-21/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34445"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1022029"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0983"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/53492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/34292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2009-21/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/34445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/0983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| argyllcms | cms | - | |
| color | icclib | - | |
| ghostscript | ghostscript | 9.06 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:argyllcms:cms:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56ABA324-0E9B-4A36-81E8-DC30AEE06A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:color:icclib:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45A77810-0D13-4CF3-A1FE-2F31913DCA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:9.06:*:*:*:*:*:*:*",
"matchCriteriaId": "D34E7940-94CB-492F-92DD-78786EB59570",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos inferiores de enteros en la funci\u00f3n icmLut_allocate en la librer\u00eda del formato International Color Consortium (ICC),icclib, tal y como se utiliza en Ghostscript v9.06 y Argyll Color Management System, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un (1) PostScript o (2) Archivo PDF hecho a mano con im\u00e1genes incrustadas, lo que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap). NOTA: este problema se describe tambi\u00e9n como un error de \u00edndice de matriz.\r\n"
}
],
"id": "CVE-2012-4405",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-18T17:55:07.913",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50719"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55494"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027517"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1581-1"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1581-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ghostscript | ghostscript | 8.62 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Ghostscript 8.62 permite a atacantes remotos ejecutar c\u00f3digo PostScript arbitrario a trav\u00e9s de un fichero troyano de la librer\u00eda Postscript en Encoding/ bajo el directorio de trabajo actual, una vulnerabilidad diferente a CVE-2010-2055."
}
],
"id": "CVE-2010-4820",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-27T01:55:23.140",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0095.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0096.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/01/04/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/511433"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/51847"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0095.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/01/04/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/511433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771853"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-4820 (GCVE-0-2010-4820)
Vulnerability from cvelistv5
Published
2014-10-27 01:00
Modified
2024-08-07 04:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771853"
},
{
"name": "[oss-security] 20120104 Re: CVE request: ghostscript: system initialization file uncontrolled search path element",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/04/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
},
{
"name": "RHSA-2012:0096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0096.html"
},
{
"name": "RHSA-2012:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0095.html"
},
{
"name": "20100522 Ghostscript 8.64 executes random code at startup",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511433"
},
{
"name": "51847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-27T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771853"
},
{
"name": "[oss-security] 20120104 Re: CVE request: ghostscript: system initialization file uncontrolled search path element",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/01/04/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
},
{
"name": "RHSA-2012:0096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0096.html"
},
{
"name": "RHSA-2012:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0095.html"
},
{
"name": "20100522 Ghostscript 8.64 executes random code at startup",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511433"
},
{
"name": "51847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51847"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4820",
"datePublished": "2014-10-27T01:00:00",
"dateReserved": "2011-08-19T00:00:00",
"dateUpdated": "2024-08-07T04:02:29.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4405 (GCVE-0-2012-4405)
Vulnerability from cvelistv5
Published
2012-09-18 17:00
Modified
2024-08-06 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:1256",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
},
{
"name": "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
},
{
"name": "openSUSE-SU-2012:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
},
{
"name": "MDVSA-2013:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
},
{
"name": "MDVSA-2013:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
},
{
"name": "55494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55494"
},
{
"name": "50719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50719"
},
{
"name": "SUSE-SU-2012:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
},
{
"name": "openSUSE-SU-2012:1289",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
},
{
"name": "icclib-pdf-bo(78411)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
},
{
"name": "1027517",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027517"
},
{
"name": "USN-1581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1581-1"
},
{
"name": "MDVSA-2012:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:1256",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
},
{
"name": "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
},
{
"name": "openSUSE-SU-2012:1290",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
},
{
"name": "MDVSA-2013:089",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
},
{
"name": "MDVSA-2013:090",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
},
{
"name": "55494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55494"
},
{
"name": "50719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50719"
},
{
"name": "SUSE-SU-2012:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
},
{
"name": "openSUSE-SU-2012:1289",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
},
{
"name": "icclib-pdf-bo(78411)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
},
{
"name": "1027517",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027517"
},
{
"name": "USN-1581-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1581-1"
},
{
"name": "MDVSA-2012:151",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4405",
"datePublished": "2012-09-18T17:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:35:09.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0584 (GCVE-0-2009-0584)
Vulnerability from cvelistv5
Published
2009-03-23 19:26
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34381"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34437"
},
{
"name": "34393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"name": "GLSA-200903-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"name": "1021868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021868"
},
{
"name": "34266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34266"
},
{
"name": "34443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34443"
},
{
"name": "FEDORA-2009-3031",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
},
{
"name": "DSA-1746",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52988"
},
{
"name": "ESB-2009.0259",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT",
"x_transferred"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"name": "ADV-2009-0776",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"name": "oval:org.mitre.oval:def:10544",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
},
{
"name": "FEDORA-2009-2885",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "FEDORA-2009-3011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "ADV-2009-0816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"name": "34469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34469"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "ghostscript-icclib-bo(49327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
},
{
"name": "34184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34184"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "34373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34373"
},
{
"name": "34398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34398"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"name": "RHSA-2009:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"name": "FEDORA-2009-2883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"name": "ADV-2009-0777",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"name": "20090319 rPSA-2009-0050-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"name": "USN-743-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-743-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "34381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34381"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34437"
},
{
"name": "34393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"name": "GLSA-200903-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"name": "1021868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021868"
},
{
"name": "34266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34266"
},
{
"name": "34443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34443"
},
{
"name": "FEDORA-2009-3031",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
},
{
"name": "DSA-1746",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52988"
},
{
"name": "ESB-2009.0259",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"name": "ADV-2009-0776",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"name": "oval:org.mitre.oval:def:10544",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
},
{
"name": "FEDORA-2009-2885",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "FEDORA-2009-3011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "ADV-2009-0816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"name": "34469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34469"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "ghostscript-icclib-bo(49327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
},
{
"name": "34184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34184"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "34373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34373"
},
{
"name": "34398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34398"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"name": "RHSA-2009:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"name": "FEDORA-2009-2883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"name": "ADV-2009-0777",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"name": "20090319 rPSA-2009-0050-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"name": "USN-743-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-743-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0584",
"datePublished": "2009-03-23T19:26:00",
"dateReserved": "2009-02-13T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0411 (GCVE-0-2008-0411)
Vulnerability from cvelistv5
Published
2008-02-28 21:00
Modified
2024-08-07 07:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29103"
},
{
"name": "USN-599-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-599-1"
},
{
"name": "GLSA-200803-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
},
{
"name": "29154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29154"
},
{
"name": "29196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29196"
},
{
"name": "20080228 Ghostscript buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
},
{
"name": "ADV-2008-0693",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0693/references"
},
{
"name": "29314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29314"
},
{
"name": "20080228 rPSA-2008-0082-1 espgs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9557",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
},
{
"name": "29101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
},
{
"name": "29112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29112"
},
{
"name": "SUSE-SA:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
},
{
"name": "29147",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29147"
},
{
"name": "MDVSA-2008:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2217"
},
{
"name": "29768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29768"
},
{
"name": "1019511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019511"
},
{
"name": "DSA-1510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1510"
},
{
"name": "RHSA-2008:0155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
},
{
"name": "28017",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28017"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2008-001.html"
},
{
"name": "FEDORA-2008-1998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
},
{
"name": "29135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29135"
},
{
"name": "29169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29169"
},
{
"name": "SSA:2008-062-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "29103",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29103"
},
{
"name": "USN-599-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-599-1"
},
{
"name": "GLSA-200803-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
},
{
"name": "29154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29154"
},
{
"name": "29196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29196"
},
{
"name": "20080228 Ghostscript buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
},
{
"name": "ADV-2008-0693",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0693/references"
},
{
"name": "29314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29314"
},
{
"name": "20080228 rPSA-2008-0082-1 espgs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9557",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
},
{
"name": "29101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
},
{
"name": "29112",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29112"
},
{
"name": "SUSE-SA:2008:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
},
{
"name": "29147",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29147"
},
{
"name": "MDVSA-2008:055",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2217"
},
{
"name": "29768",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29768"
},
{
"name": "1019511",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019511"
},
{
"name": "DSA-1510",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1510"
},
{
"name": "RHSA-2008:0155",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
},
{
"name": "28017",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28017"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2008-001.html"
},
{
"name": "FEDORA-2008-1998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
},
{
"name": "29135",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29135"
},
{
"name": "29169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29169"
},
{
"name": "SSA:2008-062-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29103"
},
{
"name": "USN-599-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-599-1"
},
{
"name": "GLSA-200803-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
},
{
"name": "29154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29154"
},
{
"name": "29196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29196"
},
{
"name": "20080228 Ghostscript buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
},
{
"name": "ADV-2008-0693",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0693/references"
},
{
"name": "29314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29314"
},
{
"name": "20080228 rPSA-2008-0082-1 espgs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9557",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
},
{
"name": "29101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29101"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0082",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
},
{
"name": "29112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29112"
},
{
"name": "SUSE-SA:2008:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
},
{
"name": "29147",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29147"
},
{
"name": "MDVSA-2008:055",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
},
{
"name": "https://issues.rpath.com/browse/RPL-2217",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2217"
},
{
"name": "29768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29768"
},
{
"name": "1019511",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019511"
},
{
"name": "DSA-1510",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1510"
},
{
"name": "RHSA-2008:0155",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
},
{
"name": "28017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28017"
},
{
"name": "http://scary.beasts.org/security/CESA-2008-001.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2008-001.html"
},
{
"name": "FEDORA-2008-1998",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
},
{
"name": "29135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29135"
},
{
"name": "29169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29169"
},
{
"name": "SSA:2008-062-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-0411",
"datePublished": "2008-02-28T21:00:00",
"dateReserved": "2008-01-23T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0583 (GCVE-0-2009-0583)
Vulnerability from cvelistv5
Published
2009-03-23 19:26
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34381"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34437"
},
{
"name": "34393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34393"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"name": "GLSA-200903-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"name": "1021868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021868"
},
{
"name": "34266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34266"
},
{
"name": "34443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34443"
},
{
"name": "FEDORA-2009-3031",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
},
{
"name": "DSA-1746",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"name": "ESB-2009.0259",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT",
"x_transferred"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"name": "ADV-2009-0776",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"name": "FEDORA-2009-2885",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "FEDORA-2009-3011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"name": "oval:org.mitre.oval:def:10795",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "ADV-2009-0816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"name": "34469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34469"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742"
},
{
"name": "34184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34184"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "34373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34373"
},
{
"name": "34398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34398"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"name": "RHSA-2009:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"name": "FEDORA-2009-2883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"name": "ADV-2009-0777",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"name": "ghostscript-icclib-native-color-bo(49329)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329"
},
{
"name": "20090319 rPSA-2009-0050-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"name": "USN-743-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-743-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "34381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34381"
},
{
"name": "SUSE-SR:2009:007",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34437"
},
{
"name": "34393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34393"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
},
{
"name": "GLSA-200903-37",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
},
{
"name": "1021868",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021868"
},
{
"name": "34266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34266"
},
{
"name": "34443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34443"
},
{
"name": "FEDORA-2009-3031",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
},
{
"name": "DSA-1746",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1746"
},
{
"name": "ESB-2009.0259",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT"
],
"url": "http://www.auscert.org.au/render.html?it=10666"
},
{
"name": "ADV-2009-0776",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0776"
},
{
"name": "FEDORA-2009-2885",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "FEDORA-2009-3011",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
},
{
"name": "34418",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34418"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2991"
},
{
"name": "oval:org.mitre.oval:def:10795",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "ADV-2009-0816",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0816"
},
{
"name": "34469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34469"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742"
},
{
"name": "34184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34184"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "34373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34373"
},
{
"name": "34398",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34398"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
},
{
"name": "RHSA-2009:0345",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
},
{
"name": "FEDORA-2009-2883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"name": "ADV-2009-0777",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"name": "ghostscript-icclib-native-color-bo(49329)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329"
},
{
"name": "20090319 rPSA-2009-0050-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"name": "USN-743-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-743-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0583",
"datePublished": "2009-03-23T19:26:00",
"dateReserved": "2009-02-13T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0196 (GCVE-0-2009-0196)
Vulnerability from cvelistv5
Published
2009-04-16 15:00
Modified
2024-08-07 04:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
},
{
"name": "FEDORA-2009-3709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "ADV-2009-0983",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0983"
},
{
"name": "34445",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34445"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "34292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34292"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34729"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:10533",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "1022029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022029"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "53492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/53492"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
},
{
"name": "34667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
},
{
"name": "FEDORA-2009-3709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "ADV-2009-0983",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0983"
},
{
"name": "34445",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34445"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "34292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34292"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34729"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:10533",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "1022029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022029"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "53492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/53492"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
},
{
"name": "34667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:0421",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
},
{
"name": "FEDORA-2009-3709",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "GLSA-201412-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "ADV-2009-0983",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0983"
},
{
"name": "34445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34445"
},
{
"name": "262288",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "34292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34292"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34729"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:10533",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
},
{
"name": "MDVSA-2009:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "1022029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022029"
},
{
"name": "35559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35559"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "53492",
"refsource": "OSVDB",
"url": "http://osvdb.org/53492"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "http://secunia.com/secunia_research/2009-21/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-21/"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=337747",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
},
{
"name": "34667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2009-0196",
"datePublished": "2009-04-16T15:00:00",
"dateReserved": "2009-01-20T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4270 (GCVE-0-2009-4270)
Vulnerability from cvelistv5
Published
2009-12-21 16:00
Modified
2024-08-07 06:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript \u003e= 8.64",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"
},
{
"name": "MDVSA-2010:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
},
{
"name": "[oss-security] 20091217 possible vulnerability in ghostscript \u003e= 8.64",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"
},
{
"name": "USN-961-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-961-1"
},
{
"name": "MDVSA-2010:135",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
},
{
"name": "ADV-2009-3597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3597"
},
{
"name": "61140",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61140"
},
{
"name": "40580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40580"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
},
{
"name": "37851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37851"
},
{
"name": "37410",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-02T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript \u003e= 8.64",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"
},
{
"name": "MDVSA-2010:134",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
},
{
"name": "[oss-security] 20091217 possible vulnerability in ghostscript \u003e= 8.64",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"
},
{
"name": "USN-961-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-961-1"
},
{
"name": "MDVSA-2010:135",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
},
{
"name": "ADV-2009-3597",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3597"
},
{
"name": "61140",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61140"
},
{
"name": "40580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40580"
},
{
"name": "SUSE-SR:2010:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
},
{
"name": "37851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37851"
},
{
"name": "37410",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4270",
"datePublished": "2009-12-21T16:00:00",
"dateReserved": "2009-12-10T00:00:00",
"dateUpdated": "2024-08-07T06:54:10.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10216 (GCVE-0-2019-10216)
Vulnerability from cvelistv5
Published
2019-11-27 12:10
Modified
2024-08-04 22:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ghostscript | ghostscript |
Version: before 9.50 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"
},
{
"name": "GLSA-202004-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202004-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ghostscript",
"vendor": "ghostscript",
"versions": [
{
"status": "affected",
"version": "before 9.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T21:06:05",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"
},
{
"name": "GLSA-202004-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202004-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ghostscript",
"version": {
"version_data": [
{
"version_value": "before 9.50"
}
]
}
}
]
},
"vendor_name": "ghostscript"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19"
},
{
"name": "GLSA-202004-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202004-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10216",
"datePublished": "2019-11-27T12:10:12",
"dateReserved": "2019-03-27T00:00:00",
"dateUpdated": "2024-08-04T22:17:18.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14869 (GCVE-0-2019-14869)
Vulnerability from cvelistv5
Published
2019-11-15 11:55
Modified
2024-08-05 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ghostscript | ghostscript |
Version: all versions of ghostscript 9.x before 9.28 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869"
},
{
"name": "[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/15/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=701841"
},
{
"name": "FEDORA-2019-17f42f585a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/"
},
{
"name": "20191118 [SECURITY] [DSA 4569-1] ghostscript security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Nov/27"
},
{
"name": "FEDORA-2019-6cdb10aa59",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/"
},
{
"name": "openSUSE-SU-2019:2534",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html"
},
{
"name": "openSUSE-SU-2019:2535",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html"
},
{
"name": "FEDORA-2019-7debdd1807",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/"
},
{
"name": "RHSA-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0222"
},
{
"name": "JVN#52486659",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN52486659/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ghostscript",
"vendor": "Ghostscript",
"versions": [
{
"status": "affected",
"version": "all versions of ghostscript 9.x before 9.28"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T04:06:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869"
},
{
"name": "[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/11/15/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=701841"
},
{
"name": "FEDORA-2019-17f42f585a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/"
},
{
"name": "20191118 [SECURITY] [DSA 4569-1] ghostscript security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Nov/27"
},
{
"name": "FEDORA-2019-6cdb10aa59",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/"
},
{
"name": "openSUSE-SU-2019:2534",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html"
},
{
"name": "openSUSE-SU-2019:2535",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html"
},
{
"name": "FEDORA-2019-7debdd1807",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/"
},
{
"name": "RHSA-2020:0222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0222"
},
{
"name": "JVN#52486659",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN52486659/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-14869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ghostscript",
"version": {
"version_data": [
{
"version_value": "all versions of ghostscript 9.x before 9.28"
}
]
}
}
]
},
"vendor_name": "Ghostscript"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869"
},
{
"name": "[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/11/15/1"
},
{
"name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f",
"refsource": "CONFIRM",
"url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=701841",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=701841"
},
{
"name": "FEDORA-2019-17f42f585a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/"
},
{
"name": "20191118 [SECURITY] [DSA 4569-1] ghostscript security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Nov/27"
},
{
"name": "FEDORA-2019-6cdb10aa59",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/"
},
{
"name": "openSUSE-SU-2019:2534",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html"
},
{
"name": "openSUSE-SU-2019:2535",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html"
},
{
"name": "FEDORA-2019-7debdd1807",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/"
},
{
"name": "RHSA-2020:0222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0222"
},
{
"name": "JVN#52486659",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52486659/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14869",
"datePublished": "2019-11-15T11:55:54",
"dateReserved": "2019-08-10T00:00:00",
"dateUpdated": "2024-08-05T00:26:39.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6725 (GCVE-0-2007-6725)
Vulnerability from cvelistv5
Published
2009-04-08 16:00
Modified
2024-08-07 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "RHSA-2009:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"name": "FEDORA-2008-5699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34729"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "34337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34337"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "oval:org.mitre.oval:def:9507",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "[oss-security] 20090401 CVE request -- ghostscript",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"name": "34726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "RHSA-2009:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"name": "FEDORA-2008-5699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34729"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "34337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34337"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "oval:org.mitre.oval:def:9507",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "[oss-security] 20090401 CVE request -- ghostscript",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"name": "34726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:0421",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "RHSA-2009:0420",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"name": "FEDORA-2008-5699",
"refsource": "FEDORA",
"url": "http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html"
},
{
"name": "262288",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34729"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=229174",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
},
{
"name": "MDVSA-2009:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "34337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34337"
},
{
"name": "34732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "oval:org.mitre.oval:def:9507",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
},
{
"name": "MDVSA-2009:096",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35559"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=493442",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
},
{
"name": "USN-757-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "[oss-security] 20090401 CVE request -- ghostscript",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"name": "34726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6725",
"datePublished": "2009-04-08T16:00:00",
"dateReserved": "2009-04-08T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0792 (GCVE-0-2009-0792)
Vulnerability from cvelistv5
Published
2009-04-14 16:00
Modified
2024-08-07 04:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11207",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207"
},
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "FEDORA-2009-3709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "RHSA-2009:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"name": "FEDORA-2009-3430",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "ghostscript-icc-bo(50381)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34729"
},
{
"name": "FEDORA-2009-3435",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34711"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "34373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34373"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"name": "34726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34726"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "34667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "oval:org.mitre.oval:def:11207",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207"
},
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "FEDORA-2009-3709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "GLSA-201412-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "RHSA-2009:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
},
{
"name": "FEDORA-2009-3430",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "ghostscript-icc-bo(50381)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34729"
},
{
"name": "FEDORA-2009-3435",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34711"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "MDVSA-2009:096",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35559"
},
{
"name": "34373",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34373"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
},
{
"name": "34726",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34726"
},
{
"name": "SUSE-SR:2009:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "34667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34667"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-0792",
"datePublished": "2009-04-14T16:00:00",
"dateReserved": "2009-03-04T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6679 (GCVE-0-2008-6679)
Vulnerability from cvelistv5
Published
2009-04-08 16:00
Modified
2024-08-07 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "oval:org.mitre.oval:def:10019",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
},
{
"name": "FEDORA-2009-3709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34729"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35559"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "[oss-security] 20090401 CVE request -- ghostscript",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"name": "34667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2009:0421",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "oval:org.mitre.oval:def:10019",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
},
{
"name": "FEDORA-2009-3709",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "262288",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34729"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
},
{
"name": "SUSE-SR:2009:011",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "35559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35559"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
},
{
"name": "35416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35416"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "[oss-security] 20090401 CVE request -- ghostscript",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"name": "34667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:0421",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
},
{
"name": "oval:org.mitre.oval:def:10019",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
},
{
"name": "FEDORA-2009-3709",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
},
{
"name": "262288",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
},
{
"name": "20090417 rPSA-2009-0060-1 ghostscript",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
},
{
"name": "34729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34729"
},
{
"name": "http://bugs.ghostscript.com/show_bug.cgi?id=690211",
"refsource": "CONFIRM",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "MDVSA-2009:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
},
{
"name": "FEDORA-2009-3710",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
},
{
"name": "34732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34732"
},
{
"name": "35569",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35569"
},
{
"name": "ADV-2009-1708",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1708"
},
{
"name": "35559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35559"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=493445",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
},
{
"name": "USN-757-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/757-1/"
},
{
"name": "[oss-security] 20090401 CVE request -- ghostscript",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
},
{
"name": "34667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6679",
"datePublished": "2009-04-08T16:00:00",
"dateReserved": "2009-04-08T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}