Launchpad.net

CVE 2008-0411

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Related bugs and status

CVE-2008-0411 (Candidate) is related to these bugs:

Bug #196397: [ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code

		In	Importance	Status
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-gpl (Ubuntu)	Undecided	Invalid
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-esp (Ubuntu)	Undecided	Invalid
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Ubuntu)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Ubuntu Gutsy)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-esp (Ubuntu Gutsy)	Undecided	Invalid
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-gpl (Ubuntu Gutsy)	Undecided	Invalid
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Ubuntu Dapper)	Undecided	Invalid
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-esp (Ubuntu Dapper)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-gpl (Ubuntu Dapper)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Ubuntu Feisty)	Undecided	Invalid
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-esp (Ubuntu Feisty)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-gpl (Ubuntu Feisty)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Ubuntu Edgy)	Undecided	Invalid
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-esp (Ubuntu Edgy)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	gs-gpl (Ubuntu Edgy)	Undecided	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Fedora)	High	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Mandriva)	Unknown	Unknown
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Debian)	Unknown	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	ghostscript (Gentoo Linux)	High	Fix Released
196397	[ghostscript] [CVE-2008-0411] buffer overflow in the color space handling code	GS-GPL	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://scary.beasts.or...
CONFIRM: https://issues.rpath.c...
DEBIAN: DSA-1510
MANDRIVA: MDVSA-2008:055
REDHAT: RHSA-2008:0155
SUSE: SUSE-SA:2008:010
BID: 28017
SECUNIA: 29101
SECUNIA: 29147
SECUNIA: 29169
CONFIRM: http://wiki.rpath.com/...
FEDORA: FEDORA-2008-1998
GENTOO: GLSA-200803-14
SECTRACK: 1019511
SECUNIA: 29103
SECUNIA: 29112
SECUNIA: 29135
SECUNIA: 29196
SECUNIA: 29154
SECUNIA: 29314
UBUNTU: USN-599-1
SECUNIA: 29768
VUPEN: ADV-2008-0693
SLACKWARE: SSA:2008-062-01
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080228 Ghostscript b...
BUGTRAQ: 20080228 rPSA-2008-008...