[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code
Bug #196397 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
GS-GPL | Fix Released | Medium | |
ghostscript (Debian) | Fix Released | Unknown | |
ghostscript (Fedora) | Fix Released | High | |
ghostscript (Gentoo Linux) | Fix Released | High | |
ghostscript (Mandriva) | Unknown | Unknown | |
ghostscript (Ubuntu) | Fix Released | Undecided | Jamie Strandboge |
↳ Dapper | Invalid | Undecided | Unassigned |
↳ Edgy | Invalid | Undecided | Unassigned |
↳ Feisty | Invalid | Undecided | Unassigned |
↳ Gutsy | Fix Released | Undecided | Jamie Strandboge |
gs-esp (Ubuntu) | Invalid | Undecided | Unassigned |
↳ Dapper | Fix Released | Undecided | Jamie Strandboge |
↳ Edgy | Fix Released | Undecided | Jamie Strandboge |
↳ Feisty | Fix Released | Undecided | Jamie Strandboge |
↳ Gutsy | Invalid | Undecided | Unassigned |
gs-gpl (Ubuntu) | Invalid | Undecided | Unassigned |
↳ Dapper | Fix Released | Undecided | Jamie Strandboge |
↳ Edgy | Fix Released | Undecided | Jamie Strandboge |
↳ Feisty | Fix Released | Undecided | Jamie Strandboge |
↳ Gutsy | Invalid | Undecided | Unassigned |

Bug Description
Binary package hint: gs-gpl
References:
DSA-1510-1 (http://
Quoting:
"Chris Evans discovered a buffer overflow in the color space handling
code of the Ghostscript PostScript/PDF interpreter, which might result
in the execution of arbitrary code if a user is tricked into processing
a malformed file."
CVE References
Changed in ghostscript: | |
assignee: | nobody → jamie-strandboge |
status: | New → In Progress |
Changed in ghostscript: | |
status: | New → Invalid |
status: | New → Invalid |
status: | New → Invalid |
status: | New → Invalid |
assignee: | nobody → jamie-strandboge |
status: | Invalid → In Progress |
Changed in gs-esp: | |
status: | New → In Progress |
status: | New → In Progress |
status: | New → In Progress |
status: | New → In Progress |
status: | In Progress → Invalid |
Changed in gs-gpl: | |
status: | New → In Progress |
status: | New → In Progress |
status: | New → In Progress |
status: | New → In Progress |
status: | In Progress → Invalid |
status: | New → Invalid |
Changed in gs-esp: | |
status: | New → Invalid |
Changed in gs-gpl: | |
assignee: | nobody → jamie-strandboge |
assignee: | nobody → jamie-strandboge |
assignee: | nobody → jamie-strandboge |
Changed in gs-esp: | |
assignee: | nobody → jamie-strandboge |
assignee: | nobody → jamie-strandboge |
assignee: | nobody → jamie-strandboge |
Changed in ghostscript: | |
status: | In Progress → Fix Committed |
Changed in gs-esp: | |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
Changed in gs-gpl: | |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
Changed in ghostscript: | |
status: | Unknown → Fix Released |
Changed in gs-gpl: | |
status: | Unknown → Fix Released |
Changed in ghostscript: | |
status: | Unknown → Fix Released |
Changed in ghostscript: | |
status: | Unknown → Fix Released |
Changed in ghostscript (Gentoo Linux): | |
importance: | Unknown → High |
Changed in gs-gpl: | |
importance: | Unknown → Medium |
Changed in ghostscript (Fedora): | |
importance: | Unknown → High |
Chris Evans of the Google security team has reported a buffer overflow in
the zseticcspace() function in zicc.c. The issue is over-trust of the length of a
PostScript array, which an attacker can set to an arbitrary length.
This issue can lead to arbitrary code execution.