Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23544

HistoryApr 10, 2020 - 12:30 a.m.

Arbitrary Code Execution

2020-04-1000:30:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

0.01 Low

EPSS

Percentile

83.6%

ghostscript is vulnerable to arbitrary code execution. The vulnerability exists as multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript’s International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images which could cause Ghostscript to crash, or, potentially, execute arbitrary code when opened by the victim.

CPENameOperatorVersion
ghostscripteq8.15.2__9.1.el5
ghostscripteq8.15.2__9.3.el5
ghostscripteq8.15.2__9.1.el5_1.1
ghostscripteq8.15.2__9.1.el5
ghostscripteq8.15.2__9.3.el5
ghostscripteq8.15.2__9.1.el5_1.1

References

bugs.gentoo.org/show_bug.cgi?id=261087

lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

secunia.com/advisories/34266

secunia.com/advisories/34373

secunia.com/advisories/34381

secunia.com/advisories/34393

secunia.com/advisories/34398

secunia.com/advisories/34418

secunia.com/advisories/34437

secunia.com/advisories/34443

secunia.com/advisories/34469

secunia.com/advisories/34729

secunia.com/advisories/35559

secunia.com/advisories/35569

securitytracker.com/id?1021868

sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1

support.avaya.com/elmodocs2/security/ASA-2009-098.htm

wiki.rpath.com/wiki/Advisories:rPSA-2009-0050

www.auscert.org.au/render.html?it=10666

www.debian.org/security/2009/dsa-1746

www.gentoo.org/security/en/glsa/glsa-200903-37.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:095

www.mandriva.com/security/advisories?name=MDVSA-2009:096

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2009-0345.html

www.securityfocus.com/archive/1/501994/100/0/threaded

www.securityfocus.com/bid/34184

www.ubuntu.com/usn/USN-743-1

www.vupen.com/english/advisories/2009/0776

www.vupen.com/english/advisories/2009/0777

www.vupen.com/english/advisories/2009/0816

www.vupen.com/english/advisories/2009/1708

access.redhat.com/errata/RHSA-2009:0345

access.redhat.com/security/cve/CVE-2009-0583

bugzilla.redhat.com/show_bug.cgi?id=487742

exchange.xforce.ibmcloud.com/vulnerabilities/49329

issues.rpath.com/browse/RPL-2991

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795

usn.ubuntu.com/757-1/

www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html

0.01 Low

EPSS

Percentile

83.6%

Related for VERACODE:23544

fedora11 cve2 openvas82 debiancve2 ubuntucve2 cvelist2 prion2 nvd2 redhat1 nessus34 oraclelinux1 centos1 securityvulns2 seebug1 ubuntu2 gentoo1 f52 osv1 debian1 slackware1