Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200803-14
HistoryMar 08, 2008 - 12:00 a.m.

Ghostscript: Buffer overflow

2008-03-0800:00:00
Gentoo Foundation
security.gentoo.org
9

0.148 Low

EPSS

Percentile

95.8%

JSON

Background

Ghostscript is a suite of software based on an interpreter for PostScript and PDF.

Description

Chris Evans (Google Security) discovered a stack-based buffer overflow within the zseticcspace() function in the file zicc.c when processing a PostScript file containing a long “Range” array in a .seticcscpate operator.

Impact

A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PostScript file, which could possibly lead to the execution of arbitrary code or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Ghostscript ESP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/ghostscript-esp-8.15.4-r1"

All Ghostscript GPL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gpl-8.61-r3"

All Ghostscript GNU users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/ghostscript-gnu-8.60.0-r2"

Related

openvas 30
nessus 15
debian 1
freebsd 1
slackware 1
fedora 2
ubuntucve 1
suse 1
securityvulns 2
cve 1
prion 1
centos 1
redhat 1
oraclelinux 1
ubuntu 1
debiancve 1
openvas
openvas
CentOS Update for ghostscript CESA-2008:0155 centos4 x86_64
2009-02-27 00:00:00
Fedora Update for ghostscript FEDORA-2008-1998
2009-02-16 00:00:00
Slackware: Security Advisory (SSA:2008-062-01)
2012-09-10 00:00:00
nessus
nessus
Fedora 8 : ghostscript-8.61-8.fc8 (2008-1998)
2008-03-07 00:00:00
CentOS 3 / 4 / 5 : ghostscript (CESA-2008:0155)
2008-02-28 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : ghostscript, gs-esp, gs-gpl vulnerability (USN-599-1)
2008-04-11 00:00:00
debian
debian
[SECURITY] [DSA 1510-1] New ghostscript packages fix arbitrary code execution
2008-02-27 12:17:43
freebsd
freebsd
ghostscript -- zseticcspace() function buffer overflow vulnerability
2008-02-28 00:00:00
slackware
slackware
[slackware-security] espgs/ghostscript
2008-03-02 10:01:48
fedora
fedora
[SECURITY] Fedora 7 Update: ghostscript-8.15.4-4.fc7
2008-03-06 16:39:31
[SECURITY] Fedora 8 Update: ghostscript-8.61-8.fc8
2008-03-03 18:24:29
ubuntucve
ubuntucve
CVE-2008-0411
2008-02-28 00:00:00
suse
suse
remote code execution in ghostscript
2008-02-28 18:04:20
securityvulns
securityvulns
[SECURITY] [DSA 1510-1] New ghostscript packages fix arbitrary code execution
2008-02-27 00:00:00
Ghostscript buffer overflow
2008-02-27 00:00:00
cve
cve
CVE-2008-0411
2008-02-28 21:44:00
prion
prion
Stack overflow
2008-02-28 21:44:00
centos
centos
ghostscript, hpijs security update
2008-02-28 11:53:06
redhat
redhat
(RHSA-2008:0155) Important: ghostscript security update
2008-02-27 00:00:00
oraclelinux
oraclelinux
Important: ghostscript security update
2008-02-28 00:00:00
ubuntu
ubuntu
Ghostscript vulnerability
2008-04-09 00:00:00
debiancve
debiancve
CVE-2008-0411
2008-02-28 21:44:00

0.148 Low

EPSS

Percentile

95.8%

JSON
Related for GLSA-200803-14
openvas30nessus15debian1freebsd1slackware1fedora2ubuntucve1suse1securityvulns2cve1prion1centos1redhat1oraclelinux1ubuntu1debiancve1