FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0411

This CVE name corresponds to:

Entered Topic
2008-03-05 ghostscript -- zseticcspace() function buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-0411
Phase Assigned (20080123)

Description

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

References

Source Reference
BUGTRAQ 20080228 Ghostscript buffer overflow
BUGTRAQ 20080228 rPSA-2008-0082-1 espgs
MISC http://scary.beasts.org/security/CESA-2008-001.html
CONFIRM https://issues.rpath.com/browse/RPL-2217
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0082
DEBIAN DSA-1510
FEDORA FEDORA-2008-1998
GENTOO GLSA-200803-14
MANDRIVA MDVSA-2008:055
REDHAT RHSA-2008:0155
SLACKWARE SSA:2008-062-01
SUSE SUSE-SA:2008:010
UBUNTU USN-599-1
BID 28017
OVAL oval:org.mitre.oval:def:9557
VUPEN ADV-2008-0693
SECTRACK 1019511
SECUNIA 29101
SECUNIA 29147
SECUNIA 29169
SECUNIA 29103
SECUNIA 29112
SECUNIA 29135
SECUNIA 29196
SECUNIA 29154
SECUNIA 29314
SECUNIA 29768