All the vulnerabilities related to Ghostscript - ghostscript
var-201008-0003
Vulnerability from variot

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that triggers an integer overflow and a heap-based buffer overflow. A vulnerability exists in the TrueType bytecode interpreter of Ghostscript. Ghostscript is a program for displaying PostScript files or printing files to non-PostScript printers. An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. Versions prior to Ghostscript 8.71 are vulnerable.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-17


                                        http://security.gentoo.org/

Severity: Normal
Title: GPL Ghostscript: Multiple vulnerabilities
Date: December 13, 2014
Bugs: #264594, #300192, #332061, #437654
ID: 201412-17


Synopsis

Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  app-text/ghostscript-gpl     < 9.10-r2               >= 9.10-r2

Description

Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All GPL Ghostscript users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-text/ghostscript-gpl-9.10-r2"

References

[ 1 ] CVE-2009-0196
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0196
[ 2 ] CVE-2009-0792
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0792
[ 3 ] CVE-2009-3743
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3743
[ 4 ] CVE-2009-4270
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4270
[ 5 ] CVE-2009-4897
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4897
[ 6 ] CVE-2010-1628
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1628
[ 7 ] CVE-2010-2055
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2055
[ 8 ] CVE-2010-4054
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4054
[ 9 ] CVE-2012-4405
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4405

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201412-17.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: ghostscript security update
Advisory ID:       RHSA-2012:0095-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0095.html
Issue date:        2012-02-02
CVE Names:         CVE-2009-3743 CVE-2010-2055 CVE-2010-4054 CVE-2010-4820
=====================================================================

  1. Summary:

Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  3. Description:

Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2009-3743)

It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used (to prevent the current working directory being searched first). (CVE-2010-2055)

Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820)

Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the "-P" option (to always search the current working directory first).

An attacker could create a specially-crafted PostScript Type 1 or PostScript Type 2 font file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2010-4054)

Users of Ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

  4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

  5. Bugs fixed (http://bugzilla.redhat.com/):

599564 - CVE-2010-2055 ghostscript: gs_init.ps searched in current directory despite -P-
627902 - CVE-2009-3743 ghostscript: TrueType bytecode interpreter integer overflow or wraparound
646086 - CVE-2010-4054 ghostscript: glyph data access improper input validation
771853 - CVE-2010-4820 ghostscript: CWD included in the default library search path

  6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm

i386: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-gtk-8.70-6.el5_7.6.i386.rpm

x86_64: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-8.70-6.el5_7.6.x86_64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm ghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm

i386: ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm

x86_64: ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm

i386: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm ghostscript-gtk-8.70-6.el5_7.6.i386.rpm

ia64: ghostscript-8.70-6.el5_7.6.ia64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.ia64.rpm ghostscript-devel-8.70-6.el5_7.6.ia64.rpm ghostscript-gtk-8.70-6.el5_7.6.ia64.rpm

ppc: ghostscript-8.70-6.el5_7.6.ppc.rpm ghostscript-8.70-6.el5_7.6.ppc64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.ppc.rpm ghostscript-debuginfo-8.70-6.el5_7.6.ppc64.rpm ghostscript-devel-8.70-6.el5_7.6.ppc.rpm ghostscript-devel-8.70-6.el5_7.6.ppc64.rpm ghostscript-gtk-8.70-6.el5_7.6.ppc.rpm

s390x: ghostscript-8.70-6.el5_7.6.s390.rpm ghostscript-8.70-6.el5_7.6.s390x.rpm ghostscript-debuginfo-8.70-6.el5_7.6.s390.rpm ghostscript-debuginfo-8.70-6.el5_7.6.s390x.rpm ghostscript-devel-8.70-6.el5_7.6.s390.rpm ghostscript-devel-8.70-6.el5_7.6.s390x.rpm ghostscript-gtk-8.70-6.el5_7.6.s390x.rpm

x86_64: ghostscript-8.70-6.el5_7.6.i386.rpm ghostscript-8.70-6.el5_7.6.x86_64.rpm ghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm ghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm ghostscript-devel-8.70-6.el5_7.6.i386.rpm ghostscript-devel-8.70-6.el5_7.6.x86_64.rpm ghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

i386: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm

x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

i386: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-doc-8.70-11.el6_2.6.i686.rpm ghostscript-gtk-8.70-11.el6_2.6.i686.rpm

x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

i386: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm

ppc64: ghostscript-8.70-11.el6_2.6.ppc.rpm ghostscript-8.70-11.el6_2.6.ppc64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm ghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm

s390x: ghostscript-8.70-11.el6_2.6.s390.rpm ghostscript-8.70-11.el6_2.6.s390x.rpm ghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm ghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm

x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

i386: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-doc-8.70-11.el6_2.6.i686.rpm ghostscript-gtk-8.70-11.el6_2.6.i686.rpm

ppc64: ghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm ghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm ghostscript-devel-8.70-11.el6_2.6.ppc.rpm ghostscript-devel-8.70-11.el6_2.6.ppc64.rpm ghostscript-doc-8.70-11.el6_2.6.ppc64.rpm ghostscript-gtk-8.70-11.el6_2.6.ppc64.rpm

s390x: ghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm ghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm ghostscript-devel-8.70-11.el6_2.6.s390.rpm ghostscript-devel-8.70-11.el6_2.6.s390x.rpm ghostscript-doc-8.70-11.el6_2.6.s390x.rpm ghostscript-gtk-8.70-11.el6_2.6.s390x.rpm

x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

i386: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm

x86_64: ghostscript-8.70-11.el6_2.6.i686.rpm ghostscript-8.70-11.el6_2.6.x86_64.rpm ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm

i386: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-doc-8.70-11.el6_2.6.i686.rpm ghostscript-gtk-8.70-11.el6_2.6.i686.rpm

x86_64: ghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm ghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm ghostscript-devel-8.70-11.el6_2.6.i686.rpm ghostscript-devel-8.70-11.el6_2.6.x86_64.rpm ghostscript-doc-8.70-11.el6_2.6.x86_64.rpm ghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3743.html
https://www.redhat.com/security/data/cve/CVE-2010-2055.html
https://www.redhat.com/security/data/cve/CVE-2010-4054.html
https://www.redhat.com/security/data/cve/CVE-2010-4820.html
https://access.redhat.com/security/updates/classification/#moderate

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD4DBQFPKxQeXlSAg2UNWIIRArqLAJYndAdU+gEQ5Ki//vi/wh7KgAtYAJ9NwToi Ov6GX/QA+l4EOfr9Yj/1Qg== =6sZd -----END PGP SIGNATURE-----

==========================================================================
Ubuntu Security Notice USN-1317-1
January 04, 2012

ghostscript vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 8.04 LTS

Summary:

Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file.

Software Description:
- ghostscript: The GPL Ghostscript PostScript/PDF interpreter

Details:

It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. (CVE-2008-3520)

It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. (CVE-2008-3522)

It was discovered that Ghostscript incorrectly handled certain malformed TrueType fonts. This issue only affected Ubuntu 8.04 LTS. (CVE-2009-3743)

It was discovered that Ghostscript incorrectly handled certain malformed Type 2 fonts. This issue only affected Ubuntu 8.04 LTS. (CVE-2010-4054)

Jonathan Foote discovered that Ghostscript incorrectly handled certain malformed JPEG-2000 image files. (CVE-2011-4516, CVE-2011-4517)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10: libgs8 8.71.dfsg.2-0ubuntu7.1

Ubuntu 10.04 LTS: libgs8 8.71.dfsg.1-0ubuntu5.4

Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.4

In general, a standard system update will make all the necessary changes.

--[ Vulnerability details:

memmove() is defined in string.h and has the following prototype:

void *memmove(void *dest, const void *src, size_t n);

It is worth noticing that size_t is a signed integer.

In ghostscript-8.70.dfsg.1/base/ttinterp.c we can find the following code snippet:

    /*******************************************/
    /* MINDEX[]  : move indexed element        */
    /* CodeRange : $26                         */

    static void  Ins_MINDEX( INS_ARG )
    {
      Long  L, K;                                   [0]

      L = args[0];                                  [1]

      if ( L<0 || L > CUR.args )                    [2]
      {
        CUR.error = TT_Err_Invalid_Reference;
        return;
      }

      K = CUR.stack[CUR.args - L];                  [3]

      memmove( (&CUR.stack[CUR.args - L    ]),      [4]
                (&CUR.stack[CUR.args - L + 1]),
                (L - 1) * sizeof ( Long ) );

      CUR.stack[ CUR.args-1 ] = K;
    }

[0] L is actually an unsigned long on x86.
[1] L is user controlled.
[2] what if L is null then ?
[3] will work fine with L null...
[4] if L was null, then the size passed to memmove is cast from an unsigned long to a signed integer (size_t) worth 111111111111111111111111111111 in binary, or 0x3fffffff.

Let's now consider the third argument passed to memmove in [4]. This value is used as a counter in register ecx, resulting in the copy of a very large chunk of memory (0x3fffffff ~= 1Gb). At this time, the destination being somewhere in the heap, the application will eventually fill the heap segment with (unexpected) data, and the copy will fail when trying to write to the first non mapped address after the heap in the address space, generating a segmentation fault.

Experimentally, reaching this codepath has shown to be possible. The values of the registers (in particular ecx and edi) at crash time are coherent with our expectations and the explanation above:

Program received signal SIGSEGV, Segmentation fault.
-------------------------------------------------------------------------[ regs
     eax:FFFFFFFC ebx:405B6FF4 ecx:3FF85061 edx:0807C844 eflags:00010216
     esi:0826A000 edi:08269FFC esp:BFFFDD18 ebp:BFFFDD58 eip:408EFA83
     cs:0073 ds:007B es:007B fs:0000 gs:0033 ss:007B o d I t s z A P c
[007B:BFFFDD18]---------------------------------------------------------[stack]
BFFFDD48 : E0 13 F9 FF F4 6F 5B 40 - 44 C8 07 08 00 00 00 00 .....o[@D.......
BFFFDD38 : 00 00 00 00 00 00 00 00 - 01 00 00 00 0D 00 00 00 ................
BFFFDD28 : FC FF FF FF AE 42 0F 40 - 44 C8 07 08 34 CA 07 08 .....B.@D...4...
BFFFDD18 : 26 00 00 00 09 69 0F 40 - 84 E1 07 08 88 E1 07 08 &....i.@........
[007B:0826A000]---------------------------------------------------------[ data]
: rep movs DWORD PTR es:[edi],DWORD PTR ds:[esi]

Arbitrary code execution would require to corrupt the heap with a bit more than 1Gb of copied data without writing to invalid memory. Having the heap allocate so much data is not believed to be possible in the current situation under x86 GNU/linux.

endrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$ ldd /bin/ /sbin/ \
/usr/sbin/ /usr/local/bin/ \
/usr/local/sbin/ /usr/bin/ 2>/dev/null |grep "libgs.so\|:"|grep "libgs" -B 1
/usr/sbin/lpdomatic:
        libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000)
--
/usr/bin/directomatic:
        libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000)
--
/usr/bin/foomatic-rip:
        libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000)
--
/usr/bin/ghostscript:
        libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000)
--
/usr/bin/gs:
        libgs.so.8 => /usr/lib/libgs.so.8 (0xb7785000)
endrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$

Third party applications linking to this library may also be vulnerable.

--[ Patch:

This off by one can be mitigated by applying the following patch in
ghostscript-8.70.dfsg.1/base/ttinterp.c :
  • if ( L<0 || L > CUR.args )
  • if ( L<=0 || L > CUR.args )
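
Review bot: the tightened bound `L<=0` in the second line carries no comment saying why zero must be rejected, so a later cleanup could relax it back to `L<0`. Suggest a one-line comment above the check noting that L == 0 makes the memmove length `(L - 1) * sizeof ( Long )` wrap and makes `CUR.stack[CUR.args - L]` read the slot just past the top of the stack. The diff markers were lost in this rendering: the first line is the removed one and the second is the added one.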

    The patch that has actually been merged to Ghostscript is strictly equivalent.

--[ Disclosure timeline:

  • 19/10/2009: Contact Vendor.
  • 19/10/2009: Vendor replies to our mail asking for details.
  • 26/10/2009: Recontact vendor, ask for a valid pgp key.
  • 05/11/2009: Recontact vendor who failed at providing a valid pgp key.
  • 15/11/2009: Receive a valid pgp key from vendor. Provide details, including two PoCs to the Vendor.
  • 16/12/2009: Recontact the vendor who doesn't get back to us.
  • 05/01/2010: Vendor asks for more details including a complete bug analysis and patches.
  • 06/01/2010: Provide full analysis and patches to the vendor.
  • 06/01/2010: Vendor claims to have silently patched the vulnerability in their development branch.
  • 01/03/2010: Ping vendor, who remains silent...
  • 22/03/2010: Ping vendor, who remains silent...
  • 20/07/2010: Inform the CERT about the vulnerability.
  • 20/07/2010: Recontact CERT about this vulnerability.
  • 03/08/2010: CERT gets back to us asking for details.
  • 09/08/2010: Send available information to the CERT.
  • 13/08/2010: The CERT compares our patch and the applied patch in addition to the material we provided and concludes the vendor actually did fix the vulnerability as we suggested, but silently, denying us any kind of credit.
  • 14/08/2010: The CERT assigns CVE number CVE-2009-3743 to this vulnerability.
  • 25/11/2010: Public disclosure.

Note: The vendor claims to follow a bounty program for coders fixing bugs in their software. From our experience, they do not practice such a thing but silently patch reported bugs instead. We hope this was merely an exception.

--[ Credits: This vulnerability was discovered by Jonathan Brossard from Toucan System.
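
The length arithmetic behind step [4] and the effect of the one-character fix, as an added example that is not part of the advisory or of Ghostscript's source. It models 32-bit x86 with fixed-width types; `tt_exec`, `mindex_patched`, `ERR_INVALID_REFERENCE` and the four-element sample stack are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the interpreter state; not Ghostscript's types. */
typedef int32_t tt_long;            /* models Long on 32-bit x86 */
#define ERR_INVALID_REFERENCE 1     /* stands in for TT_Err_Invalid_Reference */

typedef struct {
    tt_long *stack;   /* value stack */
    int32_t  args;    /* elements on the stack once the index has been popped */
    int      error;
} tt_exec;

/* Byte count handed to memmove() for index L on a 32-bit target: (L - 1) is
 * converted to the unsigned type of sizeof before the multiplication, so
 * L == 0 wraps around instead of producing a negative length. */
uint32_t mindex_move_len32(int32_t L)
{
    return (uint32_t)(((uint32_t)L - 1u) * (uint32_t)sizeof(tt_long));
}

/* Bounds check as found in 8.70: an index of 0 is accepted. */
int check_870_accepts(int32_t L, int32_t args)
{
    return !(L < 0 || L > args);
}

/* Bounds check after the fix: the index must be at least 1. */
int check_patched_accepts(int32_t L, int32_t args)
{
    return !(L <= 0 || L > args);
}

/* MINDEX with the patched check: move the L-th element from the top to the
 * top of the stack. Returns 0 on success, -1 when the index is rejected. */
int mindex_patched(tt_exec *exc, int32_t L)
{
    tt_long K;

    if (!check_patched_accepts(L, exc->args)) {
        exc->error = ERR_INVALID_REFERENCE;
        return -1;
    }
    K = exc->stack[exc->args - L];
    memmove(&exc->stack[exc->args - L],
            &exc->stack[exc->args - L + 1],
            (size_t)(L - 1) * sizeof(tt_long));   /* L >= 1 here, no wrap */
    exc->stack[exc->args - 1] = K;
    return 0;
}

/* Run mindex_patched() on a constructed stack {10,20,30,40} and return the
 * element at idx afterwards, or -1 if the index was rejected. */
int32_t demo_mindex(int32_t L, int idx)
{
    tt_long cells[4] = { 10, 20, 30, 40 };
    tt_exec exc = { cells, 4, 0 };

    if (mindex_patched(&exc, L) != 0)
        return -1;
    return cells[idx];
}

int main(void)
{
    uint32_t len = mindex_move_len32(0);

    printf("L=0 accepted by 8.70 check: %d, by patched check: %d\n",
           check_870_accepts(0, 4), check_patched_accepts(0, 4));
    printf("memmove length for L=0: 0x%08X bytes = 0x%08X dwords\n",
           (unsigned)len, (unsigned)(len / 4));
    printf("L=3 on {10,20,30,40}: top becomes %d\n", (int)demo_mindex(3, 3));
    printf("L=0 on {10,20,30,40}: result %d (rejected)\n", (int)demo_mindex(0, 3));
    return 0;
}
```

The dword count printed for L=0 is the 0x3fffffff figure quoted in the advisory; with the patched check that length is never computed for an index below 1.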

--[ About Toucan System:



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201008-0003",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.56"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.62"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.53"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.54"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.61"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.60"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.54"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.51"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.57"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "artifex",
        "version": "8.63"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.51"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.52"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.12"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "7.03"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.64"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.01"
      },
      {
        "model": "ghostscript fonts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.11"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.13"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.14"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "6.50"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.50"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.50"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "7.04"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.11"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "6.01"
      },
      {
        "model": "ghostscript fonts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "6.0"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "7.00"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.00"
      },
      {
        "model": "gpl ghostscript",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.70"
      },
      {
        "model": "afpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "6.0"
      },
      {
        "model": "gpl ghostscript",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "artifex",
        "version": "8.15"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "artifex",
        "version": null
      },
      {
        "model": "gpl ghostscript",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "artifex",
        "version": "8.71 earlier"
      },
      {
        "model": "ghostscript",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "ghostscript",
        "version": "8.71"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.10"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "hat enterprise linux workstation optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop optional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.15.2"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.0.1"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "5.50"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.70"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.64"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.61"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.60"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.57"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.56"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.54"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.15"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "7.07"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "7.05"
      },
      {
        "model": "ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "8.50"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "8.01"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "7.07"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "7.06"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "7.05"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "7.04"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "6.53"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "6.52"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "6.51"
      },
      {
        "model": "enterprises ghostscript 7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.50.8"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.50.8"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.50"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10.16"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10.15"
      },
      {
        "model": "enterprises ghostscript cl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10.12"
      },
      {
        "model": "enterprises ghostscript mdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10.10"
      },
      {
        "model": "enterprises ghostscript mdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10.10-1"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10.10-1"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10.10"
      },
      {
        "model": "enterprises ghostscript cl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "5.10"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "4.3.2"
      },
      {
        "model": "enterprises ghostscript",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "aladdin",
        "version": "4.3"
      },
      {
        "model": "ghostscript",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ghostscript",
        "version": "8.71"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "db": "BID",
        "id": "42640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:artifex:gpl_ghostscript",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan Brossard",
    "sources": [
      {
        "db": "BID",
        "id": "42640"
      },
      {
        "db": "PACKETSTORM",
        "id": "96130"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2009-3743",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-3743",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-3743",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#644319",
            "trust": 0.8,
            "value": "0.45"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-3743",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201008-319",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that triggers an integer overflow and a heap-based buffer overflow. A vulnerability exists in the TrueType bytecode interpreter of Ghostscript. Ghostscript is a program for displaying PostScript files or printing files to non-PostScript printers. \nAn attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions. \nVersions prior to Ghostscript 8.71 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201412-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: GPL Ghostscript: Multiple vulnerabilities\n     Date: December 13, 2014\n     Bugs: #264594, #300192, #332061, #437654\n       ID: 201412-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in GPL Ghostscript, the worst\nof which may allow execution of arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-text/ghostscript-gpl\n                                 \u003c 9.10-r2                 \u003e= 9.10-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in GPL Ghostscript. \nPlease review the CVE identifiers referenced below for details. 
\n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll GPL Ghostscript users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-text/ghostscript-gpl-9.10-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2009-0196\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0196\n[ 2 ] CVE-2009-0792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0792\n[ 3 ] CVE-2009-3743\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3743\n[ 4 ] CVE-2009-4270\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4270\n[ 5 ] CVE-2009-4897\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4897\n[ 6 ] CVE-2010-1628\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1628\n[ 7 ] CVE-2010-2055\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2055\n[ 8 ] CVE-2010-4054\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4054\n[ 9 ] CVE-2012-4405\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4405\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-17.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: ghostscript security update\nAdvisory ID:       RHSA-2012:0095-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2012-0095.html\nIssue date:        2012-02-02\nCVE Names:         CVE-2009-3743 CVE-2010-2055 CVE-2010-4054 \n                   CVE-2010-4820 \n=====================================================================\n\n1. Summary:\n\nUpdated ghostscript packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. 
Description:\n\nGhostscript is a set of software that provides a PostScript interpreter, a\nset of C procedures (the Ghostscript library, which implements the graphics\ncapabilities in the PostScript language) and an interpreter for Portable\nDocument Format (PDF) files. An attacker could create a specially-crafted PostScript or PDF\nfile that, when interpreted, could cause Ghostscript to crash or,\npotentially, execute arbitrary code. (CVE-2009-3743)\n\nIt was found that Ghostscript always tried to read Ghostscript system\ninitialization files from the current working directory before checking\nother directories, even if a search path that did not contain the current\nworking directory was specified with the \"-I\" option, or the \"-P-\" option\nwas used (to prevent the current working directory being searched first). (CVE-2010-2055)\n\nGhostscript included the current working directory in its library search\npath by default. If a user ran Ghostscript without the \"-P-\" option in an\nattacker-controlled directory containing a specially-crafted PostScript\nlibrary file, it could cause Ghostscript to execute arbitrary PostScript\ncode. With this update, Ghostscript no longer searches the current working\ndirectory for library files by default. (CVE-2010-4820)\n\nNote: The fix for CVE-2010-4820 could possibly break existing\nconfigurations. To use the previous, vulnerable behavior, run Ghostscript\nwith the \"-P\" option (to always search the current working directory\nfirst). An attacker could create a specially-crafted\nPostScript Type 1 or PostScript Type 2 font file that, when interpreted,\ncould cause Ghostscript to crash or, potentially, execute arbitrary code. \n(CVE-2010-4054)\n\nUsers of Ghostscript are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. 
\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n599564 - CVE-2010-2055 ghostscript: gs_init.ps searched in current directory despite -P-\n627902 - CVE-2009-3743 ghostscript: TrueType bytecode intepreter integer overflow or wraparound\n646086 - CVE-2010-4054 ghostscript: glyph data access improper input validation\n771853 - CVE-2010-4820 ghostscript: CWD included in the default library search path\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm\n\ni386:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-gtk-8.70-6.el5_7.6.i386.rpm\n\nx86_64:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-8.70-6.el5_7.6.x86_64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm\nghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 
5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ghostscript-8.70-6.el5_7.6.src.rpm\n\ni386:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\nghostscript-gtk-8.70-6.el5_7.6.i386.rpm\n\nia64:\nghostscript-8.70-6.el5_7.6.ia64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.ia64.rpm\nghostscript-devel-8.70-6.el5_7.6.ia64.rpm\nghostscript-gtk-8.70-6.el5_7.6.ia64.rpm\n\nppc:\nghostscript-8.70-6.el5_7.6.ppc.rpm\nghostscript-8.70-6.el5_7.6.ppc64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.ppc.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.ppc64.rpm\nghostscript-devel-8.70-6.el5_7.6.ppc.rpm\nghostscript-devel-8.70-6.el5_7.6.ppc64.rpm\nghostscript-gtk-8.70-6.el5_7.6.ppc.rpm\n\ns390x:\nghostscript-8.70-6.el5_7.6.s390.rpm\nghostscript-8.70-6.el5_7.6.s390x.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.s390.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.s390x.rpm\nghostscript-devel-8.70-6.el5_7.6.s390.rpm\nghostscript-devel-8.70-6.el5_7.6.s390x.rpm\nghostscript-gtk-8.70-6.el5_7.6.s390x.rpm\n\nx86_64:\nghostscript-8.70-6.el5_7.6.i386.rpm\nghostscript-8.70-6.el5_7.6.x86_64.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.i386.rpm\nghostscript-debuginfo-8.70-6.el5_7.6.x86_64.rpm\nghostscript-devel-8.70-6.el5_7.6.i386.rpm\nghostscript-devel-8.70-6.el5_7.6.x86_64.rpm\nghostscript-gtk-8.70-6.el5_7.6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-doc-8.70-11.el6_2.6.i686.rpm\nghostscript-gtk-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\n\nppc64:\nghostscript-8.70-11.el6_2.6.ppc.rpm\nghostscript-8.70-11.el6_2.6.ppc64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm\n\ns390x:\nghostscript-8.70-11.el6_2.6.s390.rpm\nghostscript-8.70-11.el6_2.6.s390x.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-doc-8.70-11.el6_2.6.i686.rpm\nghostscript-gtk-8.70-11.el6_2.6.i686.rpm\n\nppc64:\nghostscript-debuginfo-8.70-11.el6_2.6.ppc.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.ppc64.rpm\nghostscript-devel-8.70-11.el6_2.6.ppc.rpm\nghostscript-devel-8.70-11.el6_2.6.ppc64.rpm\nghostscript-doc-8.70-11.el6_2.6.ppc64.rpm\nghostscript-gtk-8.70-11.el6_2.6.ppc64.rpm\n\ns390x:\nghostscript-debuginfo-8.70-11.el6_2.6.s390.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.s390x.rpm\nghostscript-devel-8.70-11.el6_2.6.s390.rpm\nghostscript-devel-8.70-11.el6_2.6.s390x.rpm\nghostscript-doc-8.70-11.el6_2.6.s390x.rpm\nghostscript-gtk-8.70-11.el6_2.6.s390x.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux 
Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-8.70-11.el6_2.6.i686.rpm\nghostscript-8.70-11.el6_2.6.x86_64.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/ghostscript-8.70-11.el6_2.6.src.rpm\n\ni386:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-doc-8.70-11.el6_2.6.i686.rpm\nghostscript-gtk-8.70-11.el6_2.6.i686.rpm\n\nx86_64:\nghostscript-debuginfo-8.70-11.el6_2.6.i686.rpm\nghostscript-debuginfo-8.70-11.el6_2.6.x86_64.rpm\nghostscript-devel-8.70-11.el6_2.6.i686.rpm\nghostscript-devel-8.70-11.el6_2.6.x86_64.rpm\nghostscript-doc-8.70-11.el6_2.6.x86_64.rpm\nghostscript-gtk-8.70-11.el6_2.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2009-3743.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-2055.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4054.html\nhttps://www.redhat.com/security/data/cve/CVE-2010-4820.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD4DBQFPKxQeXlSAg2UNWIIRArqLAJYndAdU+gEQ5Ki//vi/wh7KgAtYAJ9NwToi\nOv6GX/QA+l4EOfr9Yj/1Qg==\n=6sZd\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-1317-1\nJanuary 04, 2012\n\nghostscript vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nGhostscript could be made to crash or run programs as your login if it\nopened a specially crafted file. \n\nSoftware Description:\n- ghostscript: The GPL Ghostscript PostScript/PDF interpreter\n\nDetails:\n\nIt was discovered that Ghostscript did not correctly handle memory\nallocation when parsing certain malformed JPEG-2000 images. (CVE-2008-3520)\n\nIt was discovered that Ghostscript did not correctly handle certain\nformatting operations when parsing JPEG-2000 images. (CVE-2008-3522)\n\nIt was discovered that Ghostscript incorrectly handled certain malformed\nTrueType fonts. \nThis issue only affected Ubuntu 8.04 LTS. (CVE-2009-3743)\n\nIt was discovered that Ghostscript incorrectly handled certain malformed\nType 2 fonts. \nThis issue only affected Ubuntu 8.04 LTS. (CVE-2010-4054)\n\nJonathan Foote discovered that Ghostscript incorrectly handled certain\nmalformed JPEG-2000 image files. 
(CVE-2011-4516, CVE-2011-4517)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 10.10:\n  libgs8                          8.71.dfsg.2-0ubuntu7.1\n\nUbuntu 10.04 LTS:\n  libgs8                          8.71.dfsg.1-0ubuntu5.4\n\nUbuntu 8.04 LTS:\n  libgs8                          8.61.dfsg.1-1ubuntu3.4\n\nIn general, a standard system update will make all the necessary changes. \n\n--[ Vulnerability details:\n\nmemmove() is defined in string.h and has the following prototype:\n\n    void *memmove(void *dest, const void *src, size_t n);\n\nIt is worth noticing that size_t is a signed integer. \n\nIn ghostscript-8.70.dfsg.1/base/ttinterp.c we can find the following code\nsnippet:\n\n/*******************************************/\n/* MINDEX[]  : move indexed element        */\n/* CodeRange : $26                         */\n\n  static void  Ins_MINDEX( INS_ARG )\n  {\n    Long  L, K;                    [0]\n\n\n    L = args[0];                [1]\n\n    if ( L\u003c0 || L \u003e CUR.args )            [2]\n    {\n      CUR.error = TT_Err_Invalid_Reference;\n      return;\n    }\n\n    K = CUR.stack[CUR.args - L];        [3]\n\n    memmove( (\u0026CUR.stack[CUR.args - L    ]),    [4]\n              (\u0026CUR.stack[CUR.args - L + 1]),\n              (L - 1) * sizeof ( Long ) );\n\n    CUR.stack[ CUR.args-1 ] = K;\n  }\n\n\n[0] L is actually an unsigned long on x86. \n[1] L is user controlled. \n[2] what if L is null then ?\n[3] will work fine with L null... \n[4] if L was null, then the size passed to memmove is cast from an\nunsigned long to a signed integer (size_t) worthing\n111111111111111111111111111111 in binary, or 0x3fffffff. \n\n\nLet\u0027s now consider the third argument passed to memmove in [4]. This\nvalue is used as a counter in register ecx, resulting in the copy of a very\nlarge chunk of memory (0x3fffffff ~= 1Gb). 
At this time, the destination being\nsomewhere in the heap, the application will eventually fill the heap segment\nwith (unexpected) data, and the copy will fail when trying to write to the\nfirst non mapped address after the heap in the address space, generating a\nsegmentation fault. \n\nExperimentally, reaching this codepath has shown to be possible. \nThe values of the registers (in particular ecx and edi) at crash time are\ncoherent with our expectations and the explanation above :\n\nProgram received signal SIGSEGV, Segmentation fault. \n-------------------------------------------------------------------------[\nregs\n     eax:FFFFFFFC ebx:405B6FF4  ecx:3FF85061  edx:0807C844\neflags:00010216\n     esi:0826A000 edi:08269FFC  esp:BFFFDD18  ebp:BFFFDD58     eip:408EFA83\n     cs:0073  ds:007B  es:007B  fs:0000  gs:0033  ss:007B    o d I t s z\nA P c\n[007B:BFFFDD18]---------------------------------------------------------[stack]\nBFFFDD48 : E0 13 F9 FF  F4 6F 5B 40 - 44 C8 07 08  00 00 00 00\n.....o[@D....... \nBFFFDD38 : 00 00 00 00  00 00 00 00 - 01 00 00 00  0D 00 00 00\n................ \nBFFFDD28 : FC FF FF FF  AE 42 0F 40 - 44 C8 07 08  34 CA 07 08\n.....B.@D...4... \nBFFFDD18 : 26 00 00 00  09 69 0F 40 - 84 E1 07 08  88 E1 07 08\n\u0026....i.@........ \n[007B:0826A000]---------------------------------------------------------[ data]\n\u003cmemmove+35\u003e:    rep movs DWORD PTR es:[edi],DWORD PTR ds:[esi]\n\n\nArbitrary code execution would require to corrupt the heap with a bit more than\n1Gb of copied data without writing to invalid memory. Having the heap\nallocate so much data is not believed to be possible in the current situation\nunder x86 GNU/linux. 
\n\nendrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$ ldd /bin/* /sbin/* \\\n/usr/sbin/* /usr/local/bin/* \\\n/usr/local/sbin/* /usr/bin/* 2\u003e/dev/null |grep \"libgs.so\\|:\"|grep\n\"libgs\" -B 1\n/usr/sbin/lpdomatic:\n    libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/directomatic:\n    libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/foomatic-rip:\n    libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/ghostscript:\n    libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\n--\n/usr/bin/gs:\n    libgs.so.8 =\u003e /usr/lib/libgs.so.8 (0xb7785000)\nendrazine@blackbox:~/gs/ghostscript-8.70.dfsg.1$\n\n    Third party applications linking to this library may also be vulnerable. \n\n--[ Patch:\n\n    This off by one can be mitigated by applying the following patch in\n    ghostscript-8.70.dfsg.1/base/ttinterp.c :\n\n-    if ( L\u003c0 || L \u003e CUR.args )\n+    if ( L\u003c=0 || L \u003e CUR.args )\n\n    The patch that has actually been merged to Ghostscript is strictly\n    equivalent. \n\n\n\n--[ Disclosure timeline:\n\n* 19/10/2009: Contact Vendor. \n* 19/10/2009: Vendor replies to our mail asking for details. \n* 26/10/2009: Recontact vendor, ask for a valid pgp key. \n* 05/11/2009: Recontact vendor who failed at providing a valid pgp key. \n* 15/11/2009: Receive a valid pgp key from vendor. Provide details,\n              including two PoCs to the Vendor. \n* 16/12/2009: Recontact the vendor who doesn\u0027t get back to us. \n* 05/01/2010: Vendor asks for more details including a complete bug analysis\n              and patches. \n* 06/01/2010: Provide full analysis and patches to the vendor. \n* 06/01/2010: Vendor claims to have silently patched the vulnerability in\n              their development branch. \n* 01/03/2010: Ping vendor, who remains silent... \n* 22/03/2010: Ping vendor, who remains silent... \n* 20/07/2010: Inform the CERT about the vulnerability. 
\n* 20/07/2010: Recontact CERT about this vulnerability. \n* 03/08/2010: CERT gets back to us asking for details. \n* 09/08/2010: Send available information to the CERT. \n* 13/08/2010: The CERT compares our patch and the applied patch in addition\n              to the material we provided and concludes the vendor actually\n              did fix the vulnerability as we suggested, but silently, denying\n              us any kind of credit. \n* 14/08/2010: The CERT assigns CVE number CVE-2009-3743 to this vulnerability. \n* 25/11/2010: Public disclosure. \n\nNote: The vendor claims to follow a bounty program for coders fixing bugs\n      in their software. From our experience, they do not practice such a\n      thing but silently patch reported bugs instead. We hope this was\n      merely an exception. \n\n\n--[ Credits:\n    This vulnerability was discovered by Jonathan Brossard from Toucan System. \n\n--[ About Toucan System:\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-3743"
      },
      {
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "db": "BID",
        "id": "42640"
      },
      {
        "db": "PACKETSTORM",
        "id": "129572"
      },
      {
        "db": "PACKETSTORM",
        "id": "109370"
      },
      {
        "db": "PACKETSTORM",
        "id": "108331"
      },
      {
        "db": "PACKETSTORM",
        "id": "96130"
      }
    ],
    "trust": 3.51
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#644319",
        "trust": 4.1
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3743",
        "trust": 3.7
      },
      {
        "db": "SECTRACK",
        "id": "1024785",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "HTTP://WWW.KB.CERT.ORG/VULS/ID/JALR-87YGN8",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "42640",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "129572",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "109370",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108331",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "96130",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "db": "BID",
        "id": "42640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "PACKETSTORM",
        "id": "129572"
      },
      {
        "db": "PACKETSTORM",
        "id": "109370"
      },
      {
        "db": "PACKETSTORM",
        "id": "108331"
      },
      {
        "db": "PACKETSTORM",
        "id": "96130"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "id": "VAR-201008-0003",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:25:46.054000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.artifex.com/"
      },
      {
        "title": "Ghostscript TrueType bytecode interpreter heap memory corruption patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/908"
      },
      {
        "title": "ghostscript-8.71",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40348"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www.kb.cert.org/vuls/id/644319"
      },
      {
        "trust": 2.4,
        "url": "http://www.kb.cert.org/vuls/id/jalr-87ygn8"
      },
      {
        "trust": 1.1,
        "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
      },
      {
        "trust": 1.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2012-0095.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id?1024785"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/514892/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "https://code.google.com/p/ghostscript/source/detail?r=10602\u0026path=/trunk/gs/base/ttinterp.c"
      },
      {
        "trust": 0.8,
        "url": "http://bugs.ghostscript.com/show_bug.cgi?id=691044"
      },
      {
        "trust": 0.8,
        "url": "http://toucan-system.com/advisories/tssa-2010-01.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3743"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu644319"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3743"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3743"
      },
      {
        "trust": 0.3,
        "url": "http://www.ghostscript.com/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/css/p8/documents/100156381"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/514892"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4054"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2055"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3743"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0196"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4405"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-4405"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0196"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4897"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2055"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0792"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0792"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4270"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1628"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4054"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1628"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4897"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4270"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-2055.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/kb/docs/doc-11259"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-4820.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2009-3743.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4820"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2010-4054.html"
      },
      {
        "trust": 0.1,
        "url": "http://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ghostscript/8.71.dfsg.1-0ubuntu5.4"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4517"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ghostscript/8.61.dfsg.1-1ubuntu3.4"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4516"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/ghostscript/8.71.dfsg.2-0ubuntu7.1"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-1317-1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3520"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3522"
      },
      {
        "trust": 0.1,
        "url": "http://www.toucan-system.com/advisories/tssa-2010-01.txt"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "db": "BID",
        "id": "42640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "PACKETSTORM",
        "id": "129572"
      },
      {
        "db": "PACKETSTORM",
        "id": "109370"
      },
      {
        "db": "PACKETSTORM",
        "id": "108331"
      },
      {
        "db": "PACKETSTORM",
        "id": "96130"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "db": "BID",
        "id": "42640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "db": "PACKETSTORM",
        "id": "129572"
      },
      {
        "db": "PACKETSTORM",
        "id": "109370"
      },
      {
        "db": "PACKETSTORM",
        "id": "108331"
      },
      {
        "db": "PACKETSTORM",
        "id": "96130"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-08-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "date": "2010-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "date": "2010-08-24T00:00:00",
        "db": "BID",
        "id": "42640"
      },
      {
        "date": "2010-09-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "date": "2014-12-15T20:05:03",
        "db": "PACKETSTORM",
        "id": "129572"
      },
      {
        "date": "2012-02-03T00:19:10",
        "db": "PACKETSTORM",
        "id": "109370"
      },
      {
        "date": "2012-01-04T15:48:27",
        "db": "PACKETSTORM",
        "id": "108331"
      },
      {
        "date": "2010-11-26T12:12:12",
        "db": "PACKETSTORM",
        "id": "96130"
      },
      {
        "date": "2010-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      },
      {
        "date": "2010-08-26T21:00:01.200000",
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-12-06T00:00:00",
        "db": "CERT/CC",
        "id": "VU#644319"
      },
      {
        "date": "2010-08-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2010-1734"
      },
      {
        "date": "2014-12-16T00:55:00",
        "db": "BID",
        "id": "42640"
      },
      {
        "date": "2010-09-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-002013"
      },
      {
        "date": "2011-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      },
      {
        "date": "2024-11-21T01:08:05.750000",
        "db": "NVD",
        "id": "CVE-2009-3743"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "96130"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ghostscript Heap Corruption in TrueType bytecode interpreter",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#644319"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201008-319"
      }
    ],
    "trust": 0.6
  }
}

cve-2009-0584
Vulnerability from cvelistv5
Published: 2009-03-23 19:26
Modified: 2024-08-07 04:40
Severity ?
Summary
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
http://secunia.com/advisories/34381 (third-party-advisory, x_refsource_SECUNIA)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html (vendor-advisory, x_refsource_SUSE)
http://secunia.com/advisories/34437 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/34393 (third-party-advisory, x_refsource_SECUNIA)
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm (x_refsource_CONFIRM)
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml (vendor-advisory, x_refsource_GENTOO)
http://securitytracker.com/id?1021868 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/34266 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/34443 (third-party-advisory, x_refsource_SECUNIA)
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html (vendor-advisory, x_refsource_FEDORA)
http://www.debian.org/security/2009/dsa-1746 (vendor-advisory, x_refsource_DEBIAN)
http://osvdb.org/52988 (vdb-entry, x_refsource_OSVDB)
http://www.auscert.org.au/render.html?it=10666 (third-party-advisory, x_refsource_AUSCERT)
http://www.vupen.com/english/advisories/2009/0776 (vdb-entry, x_refsource_VUPEN)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544 (vdb-entry, signature, x_refsource_OVAL)
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html (vendor-advisory, x_refsource_FEDORA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 (vendor-advisory, x_refsource_SUNALERT)
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html (vendor-advisory, x_refsource_FEDORA)
http://secunia.com/advisories/34418 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/34729 (third-party-advisory, x_refsource_SECUNIA)
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 (x_refsource_CONFIRM)
https://issues.rpath.com/browse/RPL-2991 (x_refsource_CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=487744 (x_refsource_CONFIRM)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 (vendor-advisory, x_refsource_MANDRIVA)
http://www.vupen.com/english/advisories/2009/0816 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/34469 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/35569 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/1708 (vdb-entry, x_refsource_VUPEN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49327 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/34184 (vdb-entry, x_refsource_BID)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/35559 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/34373 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/34398 (third-party-advisory, x_refsource_SECUNIA)
https://usn.ubuntu.com/757-1/ (vendor-advisory, x_refsource_UBUNTU)
http://bugs.gentoo.org/show_bug.cgi?id=261087 (x_refsource_CONFIRM)
http://www.redhat.com/support/errata/RHSA-2009-0345.html (vendor-advisory, x_refsource_REDHAT)
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html (vendor-advisory, x_refsource_FEDORA)
http://www.vupen.com/english/advisories/2009/0777 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/archive/1/501994/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.ubuntu.com/usn/USN-743-1 (vendor-advisory, x_refsource_UBUNTU)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34381"
          },
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "34437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34437"
          },
          {
            "name": "34393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
          },
          {
            "name": "GLSA-200903-37",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
          },
          {
            "name": "1021868",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021868"
          },
          {
            "name": "34266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34266"
          },
          {
            "name": "34443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34443"
          },
          {
            "name": "FEDORA-2009-3031",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
          },
          {
            "name": "DSA-1746",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1746"
          },
          {
            "name": "52988",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52988"
          },
          {
            "name": "ESB-2009.0259",
            "tags": [
              "third-party-advisory",
              "x_refsource_AUSCERT",
              "x_transferred"
            ],
            "url": "http://www.auscert.org.au/render.html?it=10666"
          },
          {
            "name": "ADV-2009-0776",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0776"
          },
          {
            "name": "oval:org.mitre.oval:def:10544",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
          },
          {
            "name": "FEDORA-2009-2885",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
          },
          {
            "name": "262288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
          },
          {
            "name": "FEDORA-2009-3011",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "34729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
          },
          {
            "name": "MDVSA-2009:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
          },
          {
            "name": "ADV-2009-0816",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0816"
          },
          {
            "name": "34469",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34469"
          },
          {
            "name": "35569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35569"
          },
          {
            "name": "ADV-2009-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1708"
          },
          {
            "name": "ghostscript-icclib-bo(49327)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
          },
          {
            "name": "34184",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34184"
          },
          {
            "name": "MDVSA-2009:096",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
          },
          {
            "name": "35559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35559"
          },
          {
            "name": "34373",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34373"
          },
          {
            "name": "34398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34398"
          },
          {
            "name": "USN-757-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/757-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
          },
          {
            "name": "RHSA-2009:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
          },
          {
            "name": "FEDORA-2009-2883",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
          },
          {
            "name": "ADV-2009-0777",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0777"
          },
          {
            "name": "20090319 rPSA-2009-0050-1 ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
          },
          {
            "name": "USN-743-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-743-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "34381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34381"
        },
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "name": "34437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34437"
        },
        {
          "name": "34393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
        },
        {
          "name": "GLSA-200903-37",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
        },
        {
          "name": "1021868",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021868"
        },
        {
          "name": "34266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34266"
        },
        {
          "name": "34443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34443"
        },
        {
          "name": "FEDORA-2009-3031",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
        },
        {
          "name": "DSA-1746",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1746"
        },
        {
          "name": "52988",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52988"
        },
        {
          "name": "ESB-2009.0259",
          "tags": [
            "third-party-advisory",
            "x_refsource_AUSCERT"
          ],
          "url": "http://www.auscert.org.au/render.html?it=10666"
        },
        {
          "name": "ADV-2009-0776",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0776"
        },
        {
          "name": "oval:org.mitre.oval:def:10544",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
        },
        {
          "name": "FEDORA-2009-2885",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
        },
        {
          "name": "262288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
        },
        {
          "name": "FEDORA-2009-3011",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "name": "34729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
        },
        {
          "name": "MDVSA-2009:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
        },
        {
          "name": "ADV-2009-0816",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0816"
        },
        {
          "name": "34469",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34469"
        },
        {
          "name": "35569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35569"
        },
        {
          "name": "ADV-2009-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1708"
        },
        {
          "name": "ghostscript-icclib-bo(49327)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
        },
        {
          "name": "34184",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34184"
        },
        {
          "name": "MDVSA-2009:096",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
        },
        {
          "name": "35559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35559"
        },
        {
          "name": "34373",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34373"
        },
        {
          "name": "34398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34398"
        },
        {
          "name": "USN-757-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/757-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
        },
        {
          "name": "RHSA-2009:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
        },
        {
          "name": "FEDORA-2009-2883",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
        },
        {
          "name": "ADV-2009-0777",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0777"
        },
        {
          "name": "20090319 rPSA-2009-0050-1 ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
        },
        {
          "name": "USN-743-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-743-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0584",
    "datePublished": "2009-03-23T19:26:00",
    "dateReserved": "2009-02-13T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14869
Vulnerability from cvelistv5
Published
2019-11-15 11:55
Modified
2024-08-05 00:26
Summary
A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.155Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869"
          },
          {
            "name": "[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/11/15/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701841"
          },
          {
            "name": "FEDORA-2019-17f42f585a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/"
          },
          {
            "name": "20191118 [SECURITY] [DSA 4569-1] ghostscript security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/27"
          },
          {
            "name": "FEDORA-2019-6cdb10aa59",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/"
          },
          {
            "name": "openSUSE-SU-2019:2534",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html"
          },
          {
            "name": "openSUSE-SU-2019:2535",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html"
          },
          {
            "name": "FEDORA-2019-7debdd1807",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/"
          },
          {
            "name": "RHSA-2020:0222",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0222"
          },
          {
            "name": "JVN#52486659",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN52486659/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ghostscript",
          "vendor": "Ghostscript",
          "versions": [
            {
              "status": "affected",
              "version": "all versions of ghostscript 9.x before 9.28"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-648",
              "description": "CWE-648",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-05T04:06:06",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869"
        },
        {
          "name": "[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/11/15/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=485904772c5f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701841"
        },
        {
          "name": "FEDORA-2019-17f42f585a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/"
        },
        {
          "name": "20191118 [SECURITY] [DSA 4569-1] ghostscript security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/27"
        },
        {
          "name": "FEDORA-2019-6cdb10aa59",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/"
        },
        {
          "name": "openSUSE-SU-2019:2534",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html"
        },
        {
          "name": "openSUSE-SU-2019:2535",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html"
        },
        {
          "name": "FEDORA-2019-7debdd1807",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/"
        },
        {
          "name": "RHSA-2020:0222",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0222"
        },
        {
          "name": "JVN#52486659",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN52486659/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-14869",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ghostscript",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions of ghostscript 9.x before 9.28"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ghostscript"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-648"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14869"
            },
            {
              "name": "[oss-security] 20191115 CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/11/15/1"
            },
            {
              "name": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f",
              "refsource": "CONFIRM",
              "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f"
            },
            {
              "name": "https://bugs.ghostscript.com/show_bug.cgi?id=701841",
              "refsource": "CONFIRM",
              "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701841"
            },
            {
              "name": "FEDORA-2019-17f42f585a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX55AEDERTDFEZAROKZW64MZRPLINEGI/"
            },
            {
              "name": "20191118 [SECURITY] [DSA 4569-1] ghostscript security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/27"
            },
            {
              "name": "FEDORA-2019-6cdb10aa59",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HC4REO73BEJOJAU7NHFHJECAUAYJUE3H/"
            },
            {
              "name": "openSUSE-SU-2019:2534",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00049.html"
            },
            {
              "name": "openSUSE-SU-2019:2535",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00050.html"
            },
            {
              "name": "FEDORA-2019-7debdd1807",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Q4E3OTDAJRSUCOBTDQO7Y5UTE2FFMLF/"
            },
            {
              "name": "RHSA-2020:0222",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0222"
            },
            {
              "name": "JVN#52486659",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN52486659/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14869",
    "datePublished": "2019-11-15T11:55:54",
    "dateReserved": "2019-08-10T00:00:00",
    "dateUpdated": "2024-08-05T00:26:39.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-6679
Vulnerability from cvelistv5
Published
2009-04-08 16:00
Modified
2024-08-07 11:41
Severity ?
Summary
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
References
http://www.redhat.com/support/errata/RHSA-2009-0421.html (vendor-advisory, x_refsource_REDHAT)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019 (vdb-entry, signature, x_refsource_OVAL)
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html (vendor-advisory, x_refsource_FEDORA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 (vendor-advisory, x_refsource_SUNALERT)
http://www.securityfocus.com/archive/1/502757/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/34729 (third-party-advisory, x_refsource_SECUNIA)
http://bugs.ghostscript.com/show_bug.cgi?id=690211 (x_refsource_CONFIRM)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html (vendor-advisory, x_refsource_SUSE)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 (vendor-advisory, x_refsource_MANDRIVA)
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html (vendor-advisory, x_refsource_FEDORA)
http://secunia.com/advisories/34732 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/35569 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/1708 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/35559 (third-party-advisory, x_refsource_SECUNIA)
https://bugzilla.redhat.com/show_bug.cgi?id=493445 (x_refsource_CONFIRM)
http://secunia.com/advisories/35416 (third-party-advisory, x_refsource_SECUNIA)
http://wiki.rpath.com/Advisories:rPSA-2009-0060 (x_refsource_CONFIRM)
https://usn.ubuntu.com/757-1/ (vendor-advisory, x_refsource_UBUNTU)
http://www.openwall.com/lists/oss-security/2009/04/01/10 (mailing-list, x_refsource_MLIST)
http://secunia.com/advisories/34667 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:41:59.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2009:0421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10019",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
          },
          {
            "name": "FEDORA-2009-3709",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
          },
          {
            "name": "262288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
          },
          {
            "name": "20090417 rPSA-2009-0060-1 ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
          },
          {
            "name": "34729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "MDVSA-2009:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
          },
          {
            "name": "FEDORA-2009-3710",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
          },
          {
            "name": "34732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34732"
          },
          {
            "name": "35569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35569"
          },
          {
            "name": "ADV-2009-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1708"
          },
          {
            "name": "35559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35559"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
          },
          {
            "name": "USN-757-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/757-1/"
          },
          {
            "name": "[oss-security] 20090401 CVE request -- ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
          },
          {
            "name": "34667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34667"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2009:0421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10019",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
        },
        {
          "name": "FEDORA-2009-3709",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
        },
        {
          "name": "262288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
        },
        {
          "name": "20090417 rPSA-2009-0060-1 ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
        },
        {
          "name": "34729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "name": "MDVSA-2009:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
        },
        {
          "name": "FEDORA-2009-3710",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
        },
        {
          "name": "34732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34732"
        },
        {
          "name": "35569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35569"
        },
        {
          "name": "ADV-2009-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1708"
        },
        {
          "name": "35559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35559"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
        },
        {
          "name": "USN-757-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/757-1/"
        },
        {
          "name": "[oss-security] 20090401 CVE request -- ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
        },
        {
          "name": "34667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34667"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-6679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:0421",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10019",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019"
            },
            {
              "name": "FEDORA-2009-3709",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
            },
            {
              "name": "262288",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
            },
            {
              "name": "20090417 rPSA-2009-0060-1 ghostscript",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
            },
            {
              "name": "34729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34729"
            },
            {
              "name": "http://bugs.ghostscript.com/show_bug.cgi?id=690211",
              "refsource": "CONFIRM",
              "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690211"
            },
            {
              "name": "SUSE-SR:2009:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "MDVSA-2009:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
            },
            {
              "name": "FEDORA-2009-3710",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
            },
            {
              "name": "34732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34732"
            },
            {
              "name": "35569",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35569"
            },
            {
              "name": "ADV-2009-1708",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1708"
            },
            {
              "name": "35559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35559"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=493445",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493445"
            },
            {
              "name": "35416",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
            },
            {
              "name": "USN-757-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/757-1/"
            },
            {
              "name": "[oss-security] 20090401 CVE request -- ghostscript",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
            },
            {
              "name": "34667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34667"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-6679",
    "datePublished": "2009-04-08T16:00:00",
    "dateReserved": "2009-04-08T00:00:00",
    "dateUpdated": "2024-08-07T11:41:59.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0792
Vulnerability from cvelistv5
Published: 2009-04-14 16:00
Modified: 2024-08-07 04:48
Severity ?
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207 vdb-entry, signature, x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2009-0421.html vendor-advisory, x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html vendor-advisory, x_refsource_FEDORA
http://security.gentoo.org/glsa/glsa-201412-17.xml vendor-advisory, x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2009-0420.html vendor-advisory, x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html vendor-advisory, x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=491853 x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 vendor-advisory, x_refsource_SUNALERT
https://exchange.xforce.ibmcloud.com/vulnerabilities/50381 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/502757/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/34729 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html vendor-advisory, x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 vendor-advisory, x_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/34711 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34732 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35569 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1708 vdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/35559 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34373 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35416 third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/Advisories:rPSA-2009-0060 x_refsource_CONFIRM
https://usn.ubuntu.com/757-1/ vendor-advisory, x_refsource_UBUNTU
http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm x_refsource_CONFIRM
http://secunia.com/advisories/34726 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/34667 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:11207",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207"
          },
          {
            "name": "RHSA-2009:0421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
          },
          {
            "name": "FEDORA-2009-3709",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
          },
          {
            "name": "GLSA-201412-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
          },
          {
            "name": "RHSA-2009:0420",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
          },
          {
            "name": "FEDORA-2009-3430",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853"
          },
          {
            "name": "262288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
          },
          {
            "name": "ghostscript-icc-bo(50381)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381"
          },
          {
            "name": "20090417 rPSA-2009-0060-1 ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
          },
          {
            "name": "34729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34729"
          },
          {
            "name": "FEDORA-2009-3435",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "MDVSA-2009:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
          },
          {
            "name": "FEDORA-2009-3710",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
          },
          {
            "name": "34711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34711"
          },
          {
            "name": "34732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34732"
          },
          {
            "name": "35569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35569"
          },
          {
            "name": "ADV-2009-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1708"
          },
          {
            "name": "MDVSA-2009:096",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
          },
          {
            "name": "35559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35559"
          },
          {
            "name": "34373",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34373"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
          },
          {
            "name": "USN-757-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/757-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
          },
          {
            "name": "34726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34726"
          },
          {
            "name": "SUSE-SR:2009:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
          },
          {
            "name": "34667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34667"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.  NOTE: this issue exists because of an incomplete fix for CVE-2009-0583."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:11207",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207"
        },
        {
          "name": "RHSA-2009:0421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
        },
        {
          "name": "FEDORA-2009-3709",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
        },
        {
          "name": "GLSA-201412-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
        },
        {
          "name": "RHSA-2009:0420",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
        },
        {
          "name": "FEDORA-2009-3430",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491853"
        },
        {
          "name": "262288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
        },
        {
          "name": "ghostscript-icc-bo(50381)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50381"
        },
        {
          "name": "20090417 rPSA-2009-0060-1 ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
        },
        {
          "name": "34729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34729"
        },
        {
          "name": "FEDORA-2009-3435",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "name": "MDVSA-2009:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
        },
        {
          "name": "FEDORA-2009-3710",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
        },
        {
          "name": "34711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34711"
        },
        {
          "name": "34732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34732"
        },
        {
          "name": "35569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35569"
        },
        {
          "name": "ADV-2009-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1708"
        },
        {
          "name": "MDVSA-2009:096",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
        },
        {
          "name": "35559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35559"
        },
        {
          "name": "34373",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34373"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
        },
        {
          "name": "USN-757-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/757-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
        },
        {
          "name": "34726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34726"
        },
        {
          "name": "SUSE-SR:2009:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
        },
        {
          "name": "34667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34667"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0792",
    "datePublished": "2009-04-14T16:00:00",
    "dateReserved": "2009-03-04T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-4270
Vulnerability from cvelistv5
Published: 2009-12-21 16:00
Modified: 2024-08-07 06:54
Severity ?
Summary
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
References
http://security.gentoo.org/glsa/glsa-201412-17.xml (vendor-advisory, x_refsource_GENTOO)
http://www.openwall.com/lists/oss-security/2009/12/18/2 (mailing-list, x_refsource_MLIST)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:134 (vendor-advisory, x_refsource_MANDRIVA)
http://www.openwall.com/lists/oss-security/2009/12/18/1 (mailing-list, x_refsource_MLIST)
http://www.ubuntu.com/usn/USN-961-1 (vendor-advisory, x_refsource_UBUNTU)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:135 (vendor-advisory, x_refsource_MANDRIVA)
http://www.vupen.com/english/advisories/2009/3597 (vdb-entry, x_refsource_VUPEN)
http://osvdb.org/61140 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/40580 (third-party-advisory, x_refsource_SECUNIA)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html (vendor-advisory, x_refsource_SUSE)
https://bugzilla.redhat.com/show_bug.cgi?id=540760 (x_refsource_CONFIRM)
http://secunia.com/advisories/37851 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/37410 (vdb-entry, x_refsource_BID)
http://bugs.ghostscript.com/show_bug.cgi?id=690829 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:10.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201412-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
          },
          {
            "name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript \u003e= 8.64",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"
          },
          {
            "name": "MDVSA-2010:134",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
          },
          {
            "name": "[oss-security] 20091217 possible vulnerability in ghostscript \u003e= 8.64",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"
          },
          {
            "name": "USN-961-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-961-1"
          },
          {
            "name": "MDVSA-2010:135",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
          },
          {
            "name": "ADV-2009-3597",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3597"
          },
          {
            "name": "61140",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61140"
          },
          {
            "name": "40580",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40580"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
          },
          {
            "name": "37851",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37851"
          },
          {
            "name": "37410",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37410"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-01-02T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "GLSA-201412-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
        },
        {
          "name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript \u003e= 8.64",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"
        },
        {
          "name": "MDVSA-2010:134",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
        },
        {
          "name": "[oss-security] 20091217 possible vulnerability in ghostscript \u003e= 8.64",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"
        },
        {
          "name": "USN-961-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-961-1"
        },
        {
          "name": "MDVSA-2010:135",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
        },
        {
          "name": "ADV-2009-3597",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3597"
        },
        {
          "name": "61140",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61140"
        },
        {
          "name": "40580",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40580"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
        },
        {
          "name": "37851",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37851"
        },
        {
          "name": "37410",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37410"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-4270",
    "datePublished": "2009-12-21T16:00:00",
    "dateReserved": "2009-12-10T00:00:00",
    "dateUpdated": "2024-08-07T06:54:10.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0411
Vulnerability from cvelistv5
Published: 2008-02-28 21:00
Modified: 2024-08-07 07:46
Severity ?
Summary
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
References
http://secunia.com/advisories/29103 (third-party-advisory, x_refsource_SECUNIA)
http://www.ubuntu.com/usn/usn-599-1 (vendor-advisory, x_refsource_UBUNTU)
http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml (vendor-advisory, x_refsource_GENTOO)
http://secunia.com/advisories/29154 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/29196 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/488946/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.vupen.com/english/advisories/2008/0693/references (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/29314 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/488932/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557 (vdb-entry, signature, x_refsource_OVAL)
http://secunia.com/advisories/29101 (third-party-advisory, x_refsource_SECUNIA)
http://wiki.rpath.com/Advisories:rPSA-2008-0082 (x_refsource_CONFIRM)
http://secunia.com/advisories/29112 (third-party-advisory, x_refsource_SECUNIA)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html (vendor-advisory, x_refsource_SUSE)
http://secunia.com/advisories/29147 (third-party-advisory, x_refsource_SECUNIA)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:055 (vendor-advisory, x_refsource_MANDRIVA)
https://issues.rpath.com/browse/RPL-2217 (x_refsource_CONFIRM)
http://secunia.com/advisories/29768 (third-party-advisory, x_refsource_SECUNIA)
http://www.securitytracker.com/id?1019511 (vdb-entry, x_refsource_SECTRACK)
http://www.debian.org/security/2008/dsa-1510 (vendor-advisory, x_refsource_DEBIAN)
http://www.redhat.com/support/errata/RHSA-2008-0155.html (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/bid/28017 (vdb-entry, x_refsource_BID)
http://scary.beasts.org/security/CESA-2008-001.html (x_refsource_MISC)
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html (vendor-advisory, x_refsource_FEDORA)
http://secunia.com/advisories/29135 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/29169 (third-party-advisory, x_refsource_SECUNIA)
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.370633 (vendor-advisory, x_refsource_SLACKWARE)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "29103",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29103"
          },
          {
            "name": "USN-599-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-599-1"
          },
          {
            "name": "GLSA-200803-14",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
          },
          {
            "name": "29154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29154"
          },
          {
            "name": "29196",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29196"
          },
          {
            "name": "20080228 Ghostscript buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
          },
          {
            "name": "ADV-2008-0693",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0693/references"
          },
          {
            "name": "29314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29314"
          },
          {
            "name": "20080228 rPSA-2008-0082-1 espgs",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:9557",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
          },
          {
            "name": "29101",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29101"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
          },
          {
            "name": "29112",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29112"
          },
          {
            "name": "SUSE-SA:2008:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
          },
          {
            "name": "29147",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29147"
          },
          {
            "name": "MDVSA-2008:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2217"
          },
          {
            "name": "29768",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29768"
          },
          {
            "name": "1019511",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019511"
          },
          {
            "name": "DSA-1510",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1510"
          },
          {
            "name": "RHSA-2008:0155",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
          },
          {
            "name": "28017",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28017"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scary.beasts.org/security/CESA-2008-001.html"
          },
          {
            "name": "FEDORA-2008-1998",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
          },
          {
            "name": "29135",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29135"
          },
          {
            "name": "29169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29169"
          },
          {
            "name": "SSA:2008-062-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "29103",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29103"
        },
        {
          "name": "USN-599-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-599-1"
        },
        {
          "name": "GLSA-200803-14",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
        },
        {
          "name": "29154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29154"
        },
        {
          "name": "29196",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29196"
        },
        {
          "name": "20080228 Ghostscript buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
        },
        {
          "name": "ADV-2008-0693",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0693/references"
        },
        {
          "name": "29314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29314"
        },
        {
          "name": "20080228 rPSA-2008-0082-1 espgs",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:9557",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
        },
        {
          "name": "29101",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29101"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
        },
        {
          "name": "29112",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29112"
        },
        {
          "name": "SUSE-SA:2008:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
        },
        {
          "name": "29147",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29147"
        },
        {
          "name": "MDVSA-2008:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2217"
        },
        {
          "name": "29768",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29768"
        },
        {
          "name": "1019511",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019511"
        },
        {
          "name": "DSA-1510",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1510"
        },
        {
          "name": "RHSA-2008:0155",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
        },
        {
          "name": "28017",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28017"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scary.beasts.org/security/CESA-2008-001.html"
        },
        {
          "name": "FEDORA-2008-1998",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
        },
        {
          "name": "29135",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29135"
        },
        {
          "name": "29169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29169"
        },
        {
          "name": "SSA:2008-062-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-0411",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "29103",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29103"
            },
            {
              "name": "USN-599-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-599-1"
            },
            {
              "name": "GLSA-200803-14",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml"
            },
            {
              "name": "29154",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29154"
            },
            {
              "name": "29196",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29196"
            },
            {
              "name": "20080228 Ghostscript buffer overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488946/100/0/threaded"
            },
            {
              "name": "ADV-2008-0693",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0693/references"
            },
            {
              "name": "29314",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29314"
            },
            {
              "name": "20080228 rPSA-2008-0082-1 espgs",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488932/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:9557",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557"
            },
            {
              "name": "29101",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29101"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0082",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0082"
            },
            {
              "name": "29112",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29112"
            },
            {
              "name": "SUSE-SA:2008:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html"
            },
            {
              "name": "29147",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29147"
            },
            {
              "name": "MDVSA-2008:055",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:055"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2217",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2217"
            },
            {
              "name": "29768",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29768"
            },
            {
              "name": "1019511",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019511"
            },
            {
              "name": "DSA-1510",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1510"
            },
            {
              "name": "RHSA-2008:0155",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0155.html"
            },
            {
              "name": "28017",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28017"
            },
            {
              "name": "http://scary.beasts.org/security/CESA-2008-001.html",
              "refsource": "MISC",
              "url": "http://scary.beasts.org/security/CESA-2008-001.html"
            },
            {
              "name": "FEDORA-2008-1998",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html"
            },
            {
              "name": "29135",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29135"
            },
            {
              "name": "29169",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29169"
            },
            {
              "name": "SSA:2008-062-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.370633"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-0411",
    "datePublished": "2008-02-28T21:00:00",
    "dateReserved": "2008-01-23T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0196
Vulnerability from cvelistv5
Published
2009-04-16 15:00
Modified
2024-08-07 04:24
Summary
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
References
http://www.redhat.com/support/errata/RHSA-2009-0421.html (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/archive/1/502586/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html (vendor-advisory, x_refsource_FEDORA)
http://security.gentoo.org/glsa/glsa-201412-17.xml (vendor-advisory, x_refsource_GENTOO)
http://www.vupen.com/english/advisories/2009/0983 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/34445 (vdb-entry, x_refsource_BID)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 (vendor-advisory, x_refsource_SUNALERT)
http://secunia.com/advisories/34292 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/502757/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/34729 (third-party-advisory, x_refsource_SECUNIA)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html (vendor-advisory, x_refsource_SUSE)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533 (vdb-entry, signature, x_refsource_OVAL)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 (vendor-advisory, x_refsource_MANDRIVA)
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html (vendor-advisory, x_refsource_FEDORA)
http://secunia.com/advisories/34732 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/35569 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/1708 (vdb-entry, x_refsource_VUPEN)
http://www.securitytracker.com/id?1022029 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/35559 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/35416 (third-party-advisory, x_refsource_SECUNIA)
http://wiki.rpath.com/Advisories:rPSA-2009-0060 (x_refsource_CONFIRM)
https://usn.ubuntu.com/757-1/ (vendor-advisory, x_refsource_UBUNTU)
http://osvdb.org/53492 (vdb-entry, x_refsource_OSVDB)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html (vendor-advisory, x_refsource_SUSE)
http://secunia.com/secunia_research/2009-21/ (x_refsource_MISC)
https://bugzilla.redhat.com/attachment.cgi?id=337747 (x_refsource_MISC)
http://secunia.com/advisories/34667 (third-party-advisory, x_refsource_SECUNIA)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:17.661Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2009:0421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
          },
          {
            "name": "20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
          },
          {
            "name": "FEDORA-2009-3709",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
          },
          {
            "name": "GLSA-201412-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
          },
          {
            "name": "ADV-2009-0983",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0983"
          },
          {
            "name": "34445",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34445"
          },
          {
            "name": "262288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
          },
          {
            "name": "34292",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34292"
          },
          {
            "name": "20090417 rPSA-2009-0060-1 ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
          },
          {
            "name": "34729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34729"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10533",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
          },
          {
            "name": "MDVSA-2009:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
          },
          {
            "name": "FEDORA-2009-3710",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
          },
          {
            "name": "34732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34732"
          },
          {
            "name": "35569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35569"
          },
          {
            "name": "ADV-2009-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1708"
          },
          {
            "name": "1022029",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022029"
          },
          {
            "name": "35559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35559"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
          },
          {
            "name": "USN-757-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/757-1/"
          },
          {
            "name": "53492",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53492"
          },
          {
            "name": "SUSE-SR:2009:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-21/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
          },
          {
            "name": "34667",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34667"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "RHSA-2009:0421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
        },
        {
          "name": "20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
        },
        {
          "name": "FEDORA-2009-3709",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
        },
        {
          "name": "GLSA-201412-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
        },
        {
          "name": "ADV-2009-0983",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0983"
        },
        {
          "name": "34445",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34445"
        },
        {
          "name": "262288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
        },
        {
          "name": "34292",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34292"
        },
        {
          "name": "20090417 rPSA-2009-0060-1 ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
        },
        {
          "name": "34729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34729"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10533",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
        },
        {
          "name": "MDVSA-2009:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
        },
        {
          "name": "FEDORA-2009-3710",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
        },
        {
          "name": "34732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34732"
        },
        {
          "name": "35569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35569"
        },
        {
          "name": "ADV-2009-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1708"
        },
        {
          "name": "1022029",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022029"
        },
        {
          "name": "35559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35559"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
        },
        {
          "name": "USN-757-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/757-1/"
        },
        {
          "name": "53492",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53492"
        },
        {
          "name": "SUSE-SR:2009:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-21/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
        },
        {
          "name": "34667",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34667"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2009-0196",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:0421",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
            },
            {
              "name": "20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502586/100/0/threaded"
            },
            {
              "name": "FEDORA-2009-3709",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html"
            },
            {
              "name": "GLSA-201412-17",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
            },
            {
              "name": "ADV-2009-0983",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0983"
            },
            {
              "name": "34445",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34445"
            },
            {
              "name": "262288",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
            },
            {
              "name": "34292",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34292"
            },
            {
              "name": "20090417 rPSA-2009-0060-1 ghostscript",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
            },
            {
              "name": "34729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34729"
            },
            {
              "name": "SUSE-SR:2009:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10533",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533"
            },
            {
              "name": "MDVSA-2009:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
            },
            {
              "name": "FEDORA-2009-3710",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html"
            },
            {
              "name": "34732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34732"
            },
            {
              "name": "35569",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35569"
            },
            {
              "name": "ADV-2009-1708",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1708"
            },
            {
              "name": "1022029",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022029"
            },
            {
              "name": "35559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35559"
            },
            {
              "name": "35416",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
            },
            {
              "name": "USN-757-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/757-1/"
            },
            {
              "name": "53492",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53492"
            },
            {
              "name": "SUSE-SR:2009:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-21/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-21/"
            },
            {
              "name": "https://bugzilla.redhat.com/attachment.cgi?id=337747",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/attachment.cgi?id=337747"
            },
            {
              "name": "34667",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34667"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2009-0196",
    "datePublished": "2009-04-16T15:00:00",
    "dateReserved": "2009-01-20T00:00:00",
    "dateUpdated": "2024-08-07T04:24:17.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10216
Vulnerability from cvelistv5
Published
2019-11-27 12:10
Modified
2024-08-04 22:17
Summary
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:18.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"
          },
          {
            "name": "GLSA-202004-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202004-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ghostscript",
          "vendor": "ghostscript",
          "versions": [
            {
              "status": "affected",
              "version": "before 9.50"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-648",
              "description": "CWE-648",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-01T21:06:05",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=5b85ddd19"
        },
        {
          "name": "GLSA-202004-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202004-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ghostscript",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 9.50"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ghostscript"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-648"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10216"
            },
            {
              "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19",
              "refsource": "CONFIRM",
              "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19"
            },
            {
              "name": "GLSA-202004-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202004-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10216",
    "datePublished": "2019-11-27T12:10:12",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:18.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4820
Vulnerability from cvelistv5
Published
2014-10-27 01:00
Modified
2024-08-07 04:02
Severity ?
Summary
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:02:29.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=771853"
          },
          {
            "name": "[oss-security] 20120104 Re: CVE request: ghostscript: system initialization  file uncontrolled search path element",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/04/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
          },
          {
            "name": "RHSA-2012:0096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0096.html"
          },
          {
            "name": "RHSA-2012:0095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0095.html"
          },
          {
            "name": "20100522 Ghostscript 8.64 executes random code at startup",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511433"
          },
          {
            "name": "51847",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/51847"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-27T00:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=599564"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=771853"
        },
        {
          "name": "[oss-security] 20120104 Re: CVE request: ghostscript: system initialization  file uncontrolled search path element",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/04/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.ghostscript.com/show_bug.cgi?id=691339"
        },
        {
          "name": "RHSA-2012:0096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0096.html"
        },
        {
          "name": "RHSA-2012:0095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0095.html"
        },
        {
          "name": "20100522 Ghostscript 8.64 executes random code at startup",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511433"
        },
        {
          "name": "51847",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/51847"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4820",
    "datePublished": "2014-10-27T01:00:00",
    "dateReserved": "2011-08-19T00:00:00",
    "dateUpdated": "2024-08-07T04:02:29.658Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0583
Vulnerability from cvelistv5
Published
2009-03-23 19:26
Modified
2024-08-07 04:40
Severity ?
Summary
Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
References
http://secunia.com/advisories/34381 third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/34437 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34393 third-party-advisory, x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml vendor-advisory, x_refsource_GENTOO
http://securitytracker.com/id?1021868 vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/34266 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34443 third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html vendor-advisory, x_refsource_FEDORA
http://www.debian.org/security/2009/dsa-1746 vendor-advisory, x_refsource_DEBIAN
http://www.auscert.org.au/render.html?it=10666 third-party-advisory, x_refsource_AUSCERT
http://www.vupen.com/english/advisories/2009/0776 vdb-entry, x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html vendor-advisory, x_refsource_FEDORA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 vendor-advisory, x_refsource_SUNALERT
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html vendor-advisory, x_refsource_FEDORA
http://secunia.com/advisories/34418 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34729 third-party-advisory, x_refsource_SECUNIA
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050 x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-2991 x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795 vdb-entry, signature, x_refsource_OVAL
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2009/0816 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/34469 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35569 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1708 vdb-entry, x_refsource_VUPEN
https://bugzilla.redhat.com/show_bug.cgi?id=487742 x_refsource_CONFIRM
http://www.securityfocus.com/bid/34184 vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/35559 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34373 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/34398 third-party-advisory, x_refsource_SECUNIA
https://usn.ubuntu.com/757-1/ vendor-advisory, x_refsource_UBUNTU
http://bugs.gentoo.org/show_bug.cgi?id=261087 x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2009-0345.html vendor-advisory, x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html vendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2009/0777 vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/49329 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/501994/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.ubuntu.com/usn/USN-743-1 vendor-advisory, x_refsource_UBUNTU
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34381"
          },
          {
            "name": "SUSE-SR:2009:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
          },
          {
            "name": "34437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34437"
          },
          {
            "name": "34393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
          },
          {
            "name": "GLSA-200903-37",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
          },
          {
            "name": "1021868",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021868"
          },
          {
            "name": "34266",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34266"
          },
          {
            "name": "34443",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34443"
          },
          {
            "name": "FEDORA-2009-3031",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
          },
          {
            "name": "DSA-1746",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1746"
          },
          {
            "name": "ESB-2009.0259",
            "tags": [
              "third-party-advisory",
              "x_refsource_AUSCERT",
              "x_transferred"
            ],
            "url": "http://www.auscert.org.au/render.html?it=10666"
          },
          {
            "name": "ADV-2009-0776",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0776"
          },
          {
            "name": "FEDORA-2009-2885",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
          },
          {
            "name": "262288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
          },
          {
            "name": "FEDORA-2009-3011",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
          },
          {
            "name": "34418",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34418"
          },
          {
            "name": "34729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34729"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2991"
          },
          {
            "name": "oval:org.mitre.oval:def:10795",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795"
          },
          {
            "name": "MDVSA-2009:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
          },
          {
            "name": "ADV-2009-0816",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0816"
          },
          {
            "name": "34469",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34469"
          },
          {
            "name": "35569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35569"
          },
          {
            "name": "ADV-2009-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1708"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742"
          },
          {
            "name": "34184",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34184"
          },
          {
            "name": "MDVSA-2009:096",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
          },
          {
            "name": "35559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35559"
          },
          {
            "name": "34373",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34373"
          },
          {
            "name": "34398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34398"
          },
          {
            "name": "USN-757-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/757-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
          },
          {
            "name": "RHSA-2009:0345",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
          },
          {
            "name": "FEDORA-2009-2883",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
          },
          {
            "name": "ADV-2009-0777",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0777"
          },
          {
            "name": "ghostscript-icclib-native-color-bo(49329)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329"
          },
          {
            "name": "20090319 rPSA-2009-0050-1 ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
          },
          {
            "name": "USN-743-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-743-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain \"native color space,\" related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "34381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34381"
        },
        {
          "name": "SUSE-SR:2009:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
        },
        {
          "name": "34437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34437"
        },
        {
          "name": "34393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
        },
        {
          "name": "GLSA-200903-37",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
        },
        {
          "name": "1021868",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021868"
        },
        {
          "name": "34266",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34266"
        },
        {
          "name": "34443",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34443"
        },
        {
          "name": "FEDORA-2009-3031",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
        },
        {
          "name": "DSA-1746",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1746"
        },
        {
          "name": "ESB-2009.0259",
          "tags": [
            "third-party-advisory",
            "x_refsource_AUSCERT"
          ],
          "url": "http://www.auscert.org.au/render.html?it=10666"
        },
        {
          "name": "ADV-2009-0776",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0776"
        },
        {
          "name": "FEDORA-2009-2885",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
        },
        {
          "name": "262288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
        },
        {
          "name": "FEDORA-2009-3011",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
        },
        {
          "name": "34418",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34418"
        },
        {
          "name": "34729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34729"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2991"
        },
        {
          "name": "oval:org.mitre.oval:def:10795",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10795"
        },
        {
          "name": "MDVSA-2009:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
        },
        {
          "name": "ADV-2009-0816",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0816"
        },
        {
          "name": "34469",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34469"
        },
        {
          "name": "35569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35569"
        },
        {
          "name": "ADV-2009-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1708"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487742"
        },
        {
          "name": "34184",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34184"
        },
        {
          "name": "MDVSA-2009:096",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
        },
        {
          "name": "35559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35559"
        },
        {
          "name": "34373",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34373"
        },
        {
          "name": "34398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34398"
        },
        {
          "name": "USN-757-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/757-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
        },
        {
          "name": "RHSA-2009:0345",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
        },
        {
          "name": "FEDORA-2009-2883",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
        },
        {
          "name": "ADV-2009-0777",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0777"
        },
        {
          "name": "ghostscript-icclib-native-color-bo(49329)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49329"
        },
        {
          "name": "20090319 rPSA-2009-0050-1 ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
        },
        {
          "name": "USN-743-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-743-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0583",
    "datePublished": "2009-03-23T19:26:00",
    "dateReserved": "2009-02-13T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4405
Vulnerability from cvelistv5
Published
2012-09-18 17:00
Modified
2024-08-06 20:35
Severity ?
Summary
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2012:1256",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
          },
          {
            "name": "GLSA-201412-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
          },
          {
            "name": "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
          },
          {
            "name": "openSUSE-SU-2012:1290",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
          },
          {
            "name": "MDVSA-2013:089",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
          },
          {
            "name": "MDVSA-2013:090",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
          },
          {
            "name": "55494",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55494"
          },
          {
            "name": "50719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50719"
          },
          {
            "name": "SUSE-SU-2012:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2012:1289",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
          },
          {
            "name": "icclib-pdf-bo(78411)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
          },
          {
            "name": "1027517",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027517"
          },
          {
            "name": "USN-1581-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1581-1"
          },
          {
            "name": "MDVSA-2012:151",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow.  NOTE: this issue is also described as an array index error."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2012:1256",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1256.html"
        },
        {
          "name": "GLSA-201412-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0301"
        },
        {
          "name": "[oss-security] 20120911 CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/11/2"
        },
        {
          "name": "openSUSE-SU-2012:1290",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00015.html"
        },
        {
          "name": "MDVSA-2013:089",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:089"
        },
        {
          "name": "MDVSA-2013:090",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:090"
        },
        {
          "name": "55494",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55494"
        },
        {
          "name": "50719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50719"
        },
        {
          "name": "SUSE-SU-2012:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2012:1289",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00001.html"
        },
        {
          "name": "icclib-pdf-bo(78411)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78411"
        },
        {
          "name": "1027517",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027517"
        },
        {
          "name": "USN-1581-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1581-1"
        },
        {
          "name": "MDVSA-2012:151",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:151"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4405",
    "datePublished": "2012-09-18T17:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-6725
Vulnerability from cvelistv5
Published
2009-04-08 16:00
Modified
2024-08-07 16:18
Severity ?
Summary
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
References
http://www.redhat.com/support/errata/RHSA-2009-0421.html (vendor-advisory, x_refsource_REDHAT)
http://www.redhat.com/support/errata/RHSA-2009-0420.html (vendor-advisory, x_refsource_REDHAT)
http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html (vendor-advisory, x_refsource_FEDORA)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 (vendor-advisory, x_refsource_SUNALERT)
http://www.securityfocus.com/archive/1/502757/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/34729 (third-party-advisory, x_refsource_SECUNIA)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html (vendor-advisory, x_refsource_SUSE)
https://bugzilla.redhat.com/show_bug.cgi?id=229174 (x_refsource_CONFIRM)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 (vendor-advisory, x_refsource_MANDRIVA)
http://www.securityfocus.com/bid/34337 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/34732 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/35569 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/1708 (vdb-entry, x_refsource_VUPEN)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507 (vdb-entry, signature, x_refsource_OVAL)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/35559 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/35416 (third-party-advisory, x_refsource_SECUNIA)
http://wiki.rpath.com/Advisories:rPSA-2009-0060 (x_refsource_CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=493442 (x_refsource_CONFIRM)
https://usn.ubuntu.com/757-1/ (vendor-advisory, x_refsource_UBUNTU)
http://www.openwall.com/lists/oss-security/2009/04/01/10 (mailing-list, x_refsource_MLIST)
http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm (x_refsource_CONFIRM)
http://secunia.com/advisories/34726 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2009:0421",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
          },
          {
            "name": "RHSA-2009:0420",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
          },
          {
            "name": "FEDORA-2008-5699",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html"
          },
          {
            "name": "262288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
          },
          {
            "name": "20090417 rPSA-2009-0060-1 ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
          },
          {
            "name": "34729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34729"
          },
          {
            "name": "SUSE-SR:2009:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
          },
          {
            "name": "MDVSA-2009:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
          },
          {
            "name": "34337",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34337"
          },
          {
            "name": "34732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34732"
          },
          {
            "name": "35569",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35569"
          },
          {
            "name": "ADV-2009-1708",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1708"
          },
          {
            "name": "oval:org.mitre.oval:def:9507",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
          },
          {
            "name": "MDVSA-2009:096",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
          },
          {
            "name": "35559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35559"
          },
          {
            "name": "35416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35416"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
          },
          {
            "name": "USN-757-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/757-1/"
          },
          {
            "name": "[oss-security] 20090401 CVE request -- ghostscript",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
          },
          {
            "name": "34726",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34726"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2009:0421",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
        },
        {
          "name": "RHSA-2009:0420",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
        },
        {
          "name": "FEDORA-2008-5699",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html"
        },
        {
          "name": "262288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
        },
        {
          "name": "20090417 rPSA-2009-0060-1 ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
        },
        {
          "name": "34729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34729"
        },
        {
          "name": "SUSE-SR:2009:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
        },
        {
          "name": "MDVSA-2009:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
        },
        {
          "name": "34337",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34337"
        },
        {
          "name": "34732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34732"
        },
        {
          "name": "35569",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35569"
        },
        {
          "name": "ADV-2009-1708",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1708"
        },
        {
          "name": "oval:org.mitre.oval:def:9507",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
        },
        {
          "name": "MDVSA-2009:096",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
        },
        {
          "name": "35559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35559"
        },
        {
          "name": "35416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35416"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
        },
        {
          "name": "USN-757-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/757-1/"
        },
        {
          "name": "[oss-security] 20090401 CVE request -- ghostscript",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
        },
        {
          "name": "34726",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34726"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2009:0421",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0421.html"
            },
            {
              "name": "RHSA-2009:0420",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0420.html"
            },
            {
              "name": "FEDORA-2008-5699",
              "refsource": "FEDORA",
              "url": "http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html"
            },
            {
              "name": "262288",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
            },
            {
              "name": "20090417 rPSA-2009-0060-1 ghostscript",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/502757/100/0/threaded"
            },
            {
              "name": "34729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34729"
            },
            {
              "name": "SUSE-SR:2009:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=229174",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229174"
            },
            {
              "name": "MDVSA-2009:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
            },
            {
              "name": "34337",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34337"
            },
            {
              "name": "34732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34732"
            },
            {
              "name": "35569",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35569"
            },
            {
              "name": "ADV-2009-1708",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1708"
            },
            {
              "name": "oval:org.mitre.oval:def:9507",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507"
            },
            {
              "name": "MDVSA-2009:096",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
            },
            {
              "name": "35559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35559"
            },
            {
              "name": "35416",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35416"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0060",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0060"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=493442",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493442"
            },
            {
              "name": "USN-757-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/757-1/"
            },
            {
              "name": "[oss-security] 20090401 CVE request -- ghostscript",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/04/01/10"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm"
            },
            {
              "name": "34726",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34726"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6725",
    "datePublished": "2009-04-08T16:00:00",
    "dateReserved": "2009-04-08T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}