Summary
Detail | |||
---|---|---|---|
Vendor | Ghostscript | First view | 2008-02-28 |
Product | Ghostscript | Last view | 2014-10-26 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.4 | 2014-10-26 | CVE-2010-4820 | Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055. |
6.8 | 2012-09-18 | CVE-2012-4405 | Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error. |
9.3 | 2009-12-21 | CVE-2009-4270 | Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. |
9.3 | 2009-04-16 | CVE-2009-0196 | Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. |
9.3 | 2009-04-14 | CVE-2009-0792 | Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583. |
5 | 2009-04-08 | CVE-2008-6679 | Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file. |
7.5 | 2009-04-08 | CVE-2007-6725 | The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function. |
9.3 | 2009-03-23 | CVE-2009-0584 | icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. |
9.3 | 2009-03-23 | CVE-2009-0583 | Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. |
6.8 | 2008-02-28 | CVE-2008-0411 | Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
60% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
30% (3) | CWE-189 | Numeric Errors |
10% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:9557 | Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostsc... |
oval:org.mitre.oval:def:7775 | DSA-1510 gs-esp gs-gpl -- buffer overflow |
oval:org.mitre.oval:def:20095 | DSA-1510-1 gs-esp gs-gpl - arbitrary code execution |
oval:org.mitre.oval:def:16848 | USN-599-1 -- ghostscript, gs-esp, gs-gpl vulnerability |
oval:org.mitre.oval:def:22430 | ELSA-2008:0155: ghostscript security update (Important) |
oval:org.mitre.oval:def:10795 | Multiple integer overflows in icc.c in the International Color Consortium (IC... |
oval:org.mitre.oval:def:13856 | USN-743-1 -- ghostscript, gs-gpl vulnerabilities |
oval:org.mitre.oval:def:13192 | USN-757-1 -- ghostscript, gs-esp, gs-gpl vulnerabilities |
oval:org.mitre.oval:def:13122 | DSA-1746-1 ghostscript -- several vulnerabilities |
oval:org.mitre.oval:def:10544 | icc.c in the International Color Consortium (ICC) Format library (aka icclib)... |
oval:org.mitre.oval:def:22722 | ELSA-2009:0345: ghostscript security update (Moderate) |
oval:org.mitre.oval:def:29171 | RHSA-2009:0345 -- ghostscript security update (Moderate) |
oval:org.mitre.oval:def:9507 | The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other ve... |
oval:org.mitre.oval:def:10019 | Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possib... |
oval:org.mitre.oval:def:11207 | Multiple integer overflows in icc.c in the International Color Consortium (IC... |
oval:org.mitre.oval:def:22480 | ELSA-2009:0421: ghostscript security update (Moderate) |
oval:org.mitre.oval:def:29276 | RHSA-2009:0421 -- ghostscript security update (Moderate) |
oval:org.mitre.oval:def:10533 | Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_sym... |
oval:org.mitre.oval:def:21604 | RHSA-2012:1256: ghostscript security update (Moderate) |
oval:org.mitre.oval:def:18204 | USN-1581-1 -- ghostscript vulnerability |
oval:org.mitre.oval:def:18147 | DSA-2595-1 ghostscript - buffer overflow |
oval:org.mitre.oval:def:23613 | ELSA-2012:1256: ghostscript security update (Moderate) |
oval:org.mitre.oval:def:23220 | DEPRECATED: ELSA-2012:1256: ghostscript security update (Moderate) |
oval:org.mitre.oval:def:27727 | DEPRECATED: ELSA-2012-1256 -- ghostscript security update (moderate) |
oval:org.mitre.oval:def:20914 | RHSA-2012:0095: ghostscript security update (Moderate) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
61140 | Ghostscript base/gsmisc.c errprintf() Function Overflow |
56412 | International Color Consortium (ICC) Format library (icclib) Native Color Spa... |
53618 | Ghostscript CCITTFax Decoding Filter cf_decode_2d Function PDF File Handling ... |
53586 | Ghostscript BaseFont Writer Module Postscript File Handling Overflow |
53492 | Ghostscript jbig2dec Library PDF File Handling Overflow |
53255 | International Color Consortium (ICC) Format library (icclib) icc.c Crafted Im... |
52988 | International Color Consortium (ICC) Format library (icclib) icc.c Crafted Im... |
42310 | Ghostscript zicc.c zseticcspace Function Remote Overflow |
OpenVAS Exploits
id | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2595-1 (ghostscript - integer overflow) File : nvt/deb_2595_1.nasl |
2012-10-09 | Name : Mandriva Update for ghostscript MDVSA-2012:151-1 (ghostscript) File : nvt/gb_mandriva_MDVSA_2012_151_1.nasl |
2012-10-03 | Name : Fedora Update for ghostscript FEDORA-2012-13846 File : nvt/gb_fedora_2012_13846_ghostscript_fc17.nasl |
2012-10-03 | Name : Fedora Update for ghostscript FEDORA-2012-13839 File : nvt/gb_fedora_2012_13839_ghostscript_fc16.nasl |
2012-09-25 | Name : Ubuntu Update for ghostscript USN-1581-1 File : nvt/gb_ubuntu_USN_1581_1.nasl |
2012-09-17 | Name : CentOS Update for ghostscript CESA-2012:1256 centos6 File : nvt/gb_CESA-2012_1256_ghostscript_centos6.nasl |
2012-09-17 | Name : CentOS Update for ghostscript CESA-2012:1256 centos5 File : nvt/gb_CESA-2012_1256_ghostscript_centos5.nasl |
2012-09-17 | Name : RedHat Update for ghostscript RHSA-2012:1256-01 File : nvt/gb_RHSA-2012_1256-01_ghostscript.nasl |
2012-07-30 | Name : CentOS Update for ghostscript CESA-2012:0096 centos4 File : nvt/gb_CESA-2012_0096_ghostscript_centos4.nasl |
2012-07-30 | Name : CentOS Update for ghostscript CESA-2012:0095 centos6 File : nvt/gb_CESA-2012_0095_ghostscript_centos6.nasl |
2012-07-30 | Name : CentOS Update for ghostscript CESA-2012:0095 centos5 File : nvt/gb_CESA-2012_0095_ghostscript_centos5.nasl |
2012-02-03 | Name : RedHat Update for ghostscript RHSA-2012:0096-01 File : nvt/gb_RHSA-2012_0096-01_ghostscript.nasl |
2012-02-03 | Name : RedHat Update for ghostscript RHSA-2012:0095-01 File : nvt/gb_RHSA-2012_0095-01_ghostscript.nasl |
2011-08-09 | Name : CentOS Update for ghostscript CESA-2009:0421 centos5 i386 File : nvt/gb_CESA-2009_0421_ghostscript_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for ghostscript CESA-2009:0420 centos4 i386 File : nvt/gb_CESA-2009_0420_ghostscript_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for ghostscript CESA-2009:0420 centos3 i386 File : nvt/gb_CESA-2009_0420_ghostscript_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for ghostscript CESA-2009:0345 centos4 i386 File : nvt/gb_CESA-2009_0345_ghostscript_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for ghostscript CESA-2009:0345 centos3 i386 File : nvt/gb_CESA-2009_0345_ghostscript_centos3_i386.nasl |
2010-10-19 | Name : Fedora Update for ghostscript FEDORA-2010-14633 File : nvt/gb_fedora_2010_14633_ghostscript_fc12.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2080-1 (ghostscript) File : nvt/deb_2080_1.nasl |
2010-08-20 | Name : Fedora Update for ghostscript FEDORA-2010-11376 File : nvt/gb_fedora_2010_11376_ghostscript_fc12.nasl |
2010-07-16 | Name : Mandriva Update for ghostscript MDVSA-2010:134 (ghostscript) File : nvt/gb_mandriva_MDVSA_2010_134.nasl |
2010-07-16 | Name : Ubuntu Update for ghostscript vulnerabilities USN-961-1 File : nvt/gb_ubuntu_USN_961_1.nasl |
2010-04-30 | Name : Mandriva Update for sane MDVA-2010:134 (sane) File : nvt/gb_mandriva_MDVA_2010_134.nasl |
2010-04-30 | Name : Mandriva Update for desktop-common-data MDVA-2010:135 (desktop-common-data) File : nvt/gb_mandriva_MDVA_2010_135.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-17.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL9990.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-669.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2012-668.nasl - Type: ACT_GATHER_INFO |
2014-03-02 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201402-29.nasl - Type: ACT_GATHER_INFO |
2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-127.nasl - Type: ACT_GATHER_INFO |
2013-09-04 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2012-42.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-1256.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-0096.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2012-0095.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-0421.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-0420.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-0345.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0155.nasl - Type: ACT_GATHER_INFO |
2013-04-20 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2013-089.nasl - Type: ACT_GATHER_INFO |
2013-04-20 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2013-090.nasl - Type: ACT_GATHER_INFO |
2013-01-25 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_ghostscript-devel-120912.nasl - Type: ACT_GATHER_INFO |
2012-12-31 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2595.nasl - Type: ACT_GATHER_INFO |
2012-10-06 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2012-151.nasl - Type: ACT_GATHER_INFO |
2012-09-29 | Name: The remote Fedora host is missing a security update. File: fedora_2012-13839.nasl - Type: ACT_GATHER_INFO |
2012-09-29 | Name: The remote Fedora host is missing a security update. File: fedora_2012-13846.nasl - Type: ACT_GATHER_INFO |
2012-09-25 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-1581-1.nasl - Type: ACT_GATHER_INFO |
2012-09-20 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_ghostscript-fonts-other-8290.nasl - Type: ACT_GATHER_INFO |
2012-09-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-1256.nasl - Type: ACT_GATHER_INFO |
2012-09-12 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120911_ghostscript_on_SL5_x.nasl - Type: ACT_GATHER_INFO |