Ghostscript vulnerabilities

2010-07-1300:00:00

ubuntu.com

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.77 High

EPSS

Percentile

98.2%

JSON

Releases

Ubuntu 10.04
Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04

Packages

ghostscript -

Details

David Srbecky discovered that Ghostscript incorrectly handled debug
logging. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. This issue only
affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler options for
affected releases should reduce the vulnerability to a denial of service.
(CVE-2009-4270)

It was discovered that Ghostscript incorrectly handled certain malformed
files. If a user or automated system were tricked into opening a crafted
Postscript or PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
This issue only affected Ubuntu 8.04 LTS and Ubuntu 9.04. (CVE-2009-4897)

Dan Rosenberg discovered that Ghostscript incorrectly handled certain
recursive Postscript files. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program. (CVE-2010-1628)

Rodrigo Rubira Branco and Dan Rosenberg discovered that Ghostscript
incorrectly handled certain malformed Postscript files. If a user or
automated system were tricked into opening a crafted Postscript file, an
attacker could cause a denial of service or execute arbitrary code with
privileges of the user invoking the program. This issue only affected
Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2010-1869)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchlibgs8< 8.70.dfsg.1-0ubuntu3.1UNKNOWN
Ubuntu9.10noarchghostscript< 8.70.dfsg.1-0ubuntu3.1UNKNOWN
Ubuntu9.10noarchghostscript-cups< 8.70.dfsg.1-0ubuntu3.1UNKNOWN
Ubuntu9.10noarchghostscript-x< 8.70.dfsg.1-0ubuntu3.1UNKNOWN
Ubuntu9.10noarchlibgs-dev< 8.70.dfsg.1-0ubuntu3.1UNKNOWN
Ubuntu9.04noarchlibgs8< 8.64.dfsg.1-0ubuntu8.1UNKNOWN
Ubuntu9.04noarchghostscript< 8.64.dfsg.1-0ubuntu8.1UNKNOWN
Ubuntu9.04noarchghostscript-x< 8.64.dfsg.1-0ubuntu8.1UNKNOWN
Ubuntu9.04noarchlibgs-dev< 8.64.dfsg.1-0ubuntu8.1UNKNOWN
Ubuntu8.04noarchlibgs8< 8.61.dfsg.1-1ubuntu3.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	libgs8	< 8.70.dfsg.1-0ubuntu3.1	UNKNOWN
Ubuntu	9.10	noarch	ghostscript	< 8.70.dfsg.1-0ubuntu3.1	UNKNOWN
Ubuntu	9.10	noarch	ghostscript-cups	< 8.70.dfsg.1-0ubuntu3.1	UNKNOWN
Ubuntu	9.10	noarch	ghostscript-x	< 8.70.dfsg.1-0ubuntu3.1	UNKNOWN
Ubuntu	9.10	noarch	libgs-dev	< 8.70.dfsg.1-0ubuntu3.1	UNKNOWN
Ubuntu	9.04	noarch	libgs8	< 8.64.dfsg.1-0ubuntu8.1	UNKNOWN
Ubuntu	9.04	noarch	ghostscript	< 8.64.dfsg.1-0ubuntu8.1	UNKNOWN
Ubuntu	9.04	noarch	ghostscript-x	< 8.64.dfsg.1-0ubuntu8.1	UNKNOWN
Ubuntu	9.04	noarch	libgs-dev	< 8.64.dfsg.1-0ubuntu8.1	UNKNOWN
Ubuntu	8.04	noarch	libgs8	< 8.61.dfsg.1-1ubuntu3.3	UNKNOWN