This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ghostscript First view 2008-02-28
Product Ghostscript Last view 2014-10-26
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:* 6
cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:* 6
cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.64:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:7.05:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:* 5
cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:* 4
cpe:2.3:a:ghostscript:ghostscript:8.70:*:*:*:*:*:*:* 1
cpe:2.3:a:ghostscript:ghostscript:9.06:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4.4 2014-10-26 CVE-2010-4820

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
6.8 2012-09-18 CVE-2012-4405

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.
9.3 2009-12-21 CVE-2009-4270

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
9.3 2009-04-16 CVE-2009-0196

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
9.3 2009-04-14 CVE-2009-0792

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.
5 2009-04-08 CVE-2008-6679

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
7.5 2009-04-08 CVE-2007-6725

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
9.3 2009-03-23 CVE-2009-0584

icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
9.3 2009-03-23 CVE-2009-0583

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.
6.8 2008-02-28 CVE-2008-0411

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

CWE : Common Weakness Enumeration

%idName
60% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
30% (3) CWE-189 Numeric Errors
10% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:9557 Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostsc...
oval:org.mitre.oval:def:7775 DSA-1510 gs-esp gs-gpl -- buffer overflow
oval:org.mitre.oval:def:20095 DSA-1510-1 gs-esp gs-gpl - arbitrary code execution
oval:org.mitre.oval:def:16848 USN-599-1 -- ghostscript, gs-esp, gs-gpl vulnerability
oval:org.mitre.oval:def:22430 ELSA-2008:0155: ghostscript security update (Important)
oval:org.mitre.oval:def:10795 Multiple integer overflows in icc.c in the International Color Consortium (IC...
oval:org.mitre.oval:def:13856 USN-743-1 -- ghostscript, gs-gpl vulnerabilities
oval:org.mitre.oval:def:13192 USN-757-1 -- ghostscript, gs-esp, gs-gpl vulnerabilities
oval:org.mitre.oval:def:13122 DSA-1746-1 ghostscript -- several vulnerabilities
oval:org.mitre.oval:def:10544 icc.c in the International Color Consortium (ICC) Format library (aka icclib)...
oval:org.mitre.oval:def:22722 ELSA-2009:0345: ghostscript security update (Moderate)
oval:org.mitre.oval:def:29171 RHSA-2009:0345 -- ghostscript security update (Moderate)
oval:org.mitre.oval:def:9507 The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other ve...
oval:org.mitre.oval:def:10019 Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possib...
oval:org.mitre.oval:def:11207 Multiple integer overflows in icc.c in the International Color Consortium (IC...
oval:org.mitre.oval:def:22480 ELSA-2009:0421: ghostscript security update (Moderate)
oval:org.mitre.oval:def:29276 RHSA-2009:0421 -- ghostscript security update (Moderate)
oval:org.mitre.oval:def:10533 Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_sym...
oval:org.mitre.oval:def:21604 RHSA-2012:1256: ghostscript security update (Moderate)
oval:org.mitre.oval:def:18204 USN-1581-1 -- ghostscript vulnerability
oval:org.mitre.oval:def:18147 DSA-2595-1 ghostscript - buffer overflow
oval:org.mitre.oval:def:23613 ELSA-2012:1256: ghostscript security update (Moderate)
oval:org.mitre.oval:def:23220 DEPRECATED: ELSA-2012:1256: ghostscript security update (Moderate)
oval:org.mitre.oval:def:27727 DEPRECATED: ELSA-2012-1256 -- ghostscript security update (moderate)
oval:org.mitre.oval:def:20914 RHSA-2012:0095: ghostscript security update (Moderate)

Open Source Vulnerability Database (OSVDB)

id Description
61140 Ghostscript base/gsmisc.c errprintf() Function Overflow
56412 International Color Consortium (ICC) Format library (icclib) Native Color Spa...
53618 Ghostscript CCITTFax Decoding Filter cf_decode_2d Function PDF File Handling ...
53586 Ghostscript BaseFont Writer Module Postscript File Handling Overflow
53492 Ghostscript jbig2dec Library PDF File Handling Overflow
53255 International Color Consortium (ICC) Format library (icclib) icc.c Crafted Im...
52988 International Color Consortium (ICC) Format library (icclib) icc.c Crafted Im...
42310 Ghostscript zicc.c zseticcspace Function Remote Overflow

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2595-1 (ghostscript - integer overflow)
File : nvt/deb_2595_1.nasl
2012-10-09 Name : Mandriva Update for ghostscript MDVSA-2012:151-1 (ghostscript)
File : nvt/gb_mandriva_MDVSA_2012_151_1.nasl
2012-10-03 Name : Fedora Update for ghostscript FEDORA-2012-13846
File : nvt/gb_fedora_2012_13846_ghostscript_fc17.nasl
2012-10-03 Name : Fedora Update for ghostscript FEDORA-2012-13839
File : nvt/gb_fedora_2012_13839_ghostscript_fc16.nasl
2012-09-25 Name : Ubuntu Update for ghostscript USN-1581-1
File : nvt/gb_ubuntu_USN_1581_1.nasl
2012-09-17 Name : CentOS Update for ghostscript CESA-2012:1256 centos6
File : nvt/gb_CESA-2012_1256_ghostscript_centos6.nasl
2012-09-17 Name : CentOS Update for ghostscript CESA-2012:1256 centos5
File : nvt/gb_CESA-2012_1256_ghostscript_centos5.nasl
2012-09-17 Name : RedHat Update for ghostscript RHSA-2012:1256-01
File : nvt/gb_RHSA-2012_1256-01_ghostscript.nasl
2012-07-30 Name : CentOS Update for ghostscript CESA-2012:0096 centos4
File : nvt/gb_CESA-2012_0096_ghostscript_centos4.nasl
2012-07-30 Name : CentOS Update for ghostscript CESA-2012:0095 centos6
File : nvt/gb_CESA-2012_0095_ghostscript_centos6.nasl
2012-07-30 Name : CentOS Update for ghostscript CESA-2012:0095 centos5
File : nvt/gb_CESA-2012_0095_ghostscript_centos5.nasl
2012-02-03 Name : RedHat Update for ghostscript RHSA-2012:0096-01
File : nvt/gb_RHSA-2012_0096-01_ghostscript.nasl
2012-02-03 Name : RedHat Update for ghostscript RHSA-2012:0095-01
File : nvt/gb_RHSA-2012_0095-01_ghostscript.nasl
2011-08-09 Name : CentOS Update for ghostscript CESA-2009:0421 centos5 i386
File : nvt/gb_CESA-2009_0421_ghostscript_centos5_i386.nasl
2011-08-09 Name : CentOS Update for ghostscript CESA-2009:0420 centos4 i386
File : nvt/gb_CESA-2009_0420_ghostscript_centos4_i386.nasl
2011-08-09 Name : CentOS Update for ghostscript CESA-2009:0420 centos3 i386
File : nvt/gb_CESA-2009_0420_ghostscript_centos3_i386.nasl
2011-08-09 Name : CentOS Update for ghostscript CESA-2009:0345 centos4 i386
File : nvt/gb_CESA-2009_0345_ghostscript_centos4_i386.nasl
2011-08-09 Name : CentOS Update for ghostscript CESA-2009:0345 centos3 i386
File : nvt/gb_CESA-2009_0345_ghostscript_centos3_i386.nasl
2010-10-19 Name : Fedora Update for ghostscript FEDORA-2010-14633
File : nvt/gb_fedora_2010_14633_ghostscript_fc12.nasl
2010-08-21 Name : Debian Security Advisory DSA 2080-1 (ghostscript)
File : nvt/deb_2080_1.nasl
2010-08-20 Name : Fedora Update for ghostscript FEDORA-2010-11376
File : nvt/gb_fedora_2010_11376_ghostscript_fc12.nasl
2010-07-16 Name : Mandriva Update for ghostscript MDVSA-2010:134 (ghostscript)
File : nvt/gb_mandriva_MDVSA_2010_134.nasl
2010-07-16 Name : Ubuntu Update for ghostscript vulnerabilities USN-961-1
File : nvt/gb_ubuntu_USN_961_1.nasl
2010-04-30 Name : Mandriva Update for sane MDVA-2010:134 (sane)
File : nvt/gb_mandriva_MDVA_2010_134.nasl
2010-04-30 Name : Mandriva Update for desktop-common-data MDVA-2010:135 (desktop-common-data)
File : nvt/gb_mandriva_MDVA_2010_135.nasl

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-17.nasl - Type: ACT_GATHER_INFO
2014-10-10 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL9990.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-669.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2012-668.nasl - Type: ACT_GATHER_INFO
2014-03-02 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201402-29.nasl - Type: ACT_GATHER_INFO
2013-09-04 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2012-127.nasl - Type: ACT_GATHER_INFO
2013-09-04 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2012-42.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-1256.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0096.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2012-0095.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0421.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0420.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0345.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0155.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-089.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2013-090.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_ghostscript-devel-120912.nasl - Type: ACT_GATHER_INFO
2012-12-31 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2595.nasl - Type: ACT_GATHER_INFO
2012-10-06 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2012-151.nasl - Type: ACT_GATHER_INFO
2012-09-29 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13839.nasl - Type: ACT_GATHER_INFO
2012-09-29 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13846.nasl - Type: ACT_GATHER_INFO
2012-09-25 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1581-1.nasl - Type: ACT_GATHER_INFO
2012-09-20 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_ghostscript-fonts-other-8290.nasl - Type: ACT_GATHER_INFO
2012-09-12 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2012-1256.nasl - Type: ACT_GATHER_INFO
2012-09-12 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20120911_ghostscript_on_SL5_x.nasl - Type: ACT_GATHER_INFO