8.2 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.139 Low
EPSS
Percentile
95.6%
It was discovered that Ghostscript contained a buffer underflow in its
CCITTFax decoding filter. If a user or automated system were tricked into
opening a crafted PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
(CVE-2007-6725)
It was discovered that Ghostscript contained a buffer overflow in the
BaseFont writer module. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program. (CVE-2008-6679)
It was discovered that Ghostscript contained additional integer overflows
in its ICC color management library. If a user or automated system were
tricked into opening a crafted Postscript or PDF file, an attacker could
cause a denial of service or execute arbitrary code with privileges of the
user invoking the program. (CVE-2009-0792)
Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the
jbig2dec library. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program.
(CVE-2009-0196)
USN-743-1 provided updated ghostscript and gs-gpl packages to fix two
security vulnerabilities. This update corrects the same vulnerabilities in
the gs-esp package.
Original advisory details:
It was discovered that Ghostscript contained multiple integer overflows in
its ICC color management library. If a user or automated system were
tricked into opening a crafted Postscript file, an attacker could cause a
denial of service or execute arbitrary code with privileges of the user
invoking the program. (CVE-2009-0583)
It was discovered that Ghostscript did not properly perform bounds
checking in its ICC color management library. If a user or automated
system were tricked into opening a crafted Postscript file, an attacker
could cause a denial of service or execute arbitrary code with privileges
of the user invoking the program. (CVE-2009-0584)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | libgs8 | < 8.63.dfsg.1-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | ghostscript | < 8.63.dfsg.1-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | ghostscript-x | < 8.63.dfsg.1-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.10 | noarch | libgs-dev | < 8.63.dfsg.1-0ubuntu6.4 | UNKNOWN |
Ubuntu | 8.04 | noarch | libgs8 | < 8.61.dfsg.1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | ghostscript | < 8.61.dfsg.1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | ghostscript-x | < 8.61.dfsg.1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | libgs-dev | < 8.61.dfsg.1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | gs-gpl | < 8.15-4ubuntu3.3 | UNKNOWN |
Ubuntu | 6.06 | noarch | gs-esp | < 8.15.2.dfsg.0ubuntu1-0ubuntu1.2 | UNKNOWN |