oval:org.mitre.oval:def:13192
| Definition Id: oval:org.mitre.oval:def:13192 | |||
| Oval ID: | oval:org.mitre.oval:def:13192 | ||
| Title: | USN-757-1 -- ghostscript, gs-esp, gs-gpl vulnerabilities | ||
| Description: | It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript contained a buffer overflow in the BaseFont writer module. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript contained additional integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the jbig2dec library. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. USN-743-1 provided updated ghostscript and gs-gpl packages to fix two security vulnerabilities. This update corrects the same vulnerabilities in the gs-esp package. Original advisory details: It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that Ghostscript did not properly perform bounds checking in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-757-1 CVE-2007-6725 CVE-2008-6679 CVE-2009-0792 CVE-2009-0196 CVE-2009-0583 CVE-2009-0584 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | ghostscript gs-esp gs-gpl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13250 | |||
| Oval ID: | oval:org.mitre.oval:def:13250 | ||
| Title: | Ubuntu 8.04 is installed | ||
| Description: | Ubuntu 8.04 is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:ubuntu:ubuntu_linux:8.04 | Version: | 3 |
| Platform(s): | Ubuntu 8.04 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:13192 | |||
| Definition Id: oval:org.mitre.oval:def:13319 | |||
| Oval ID: | oval:org.mitre.oval:def:13319 | ||
| Title: | Ubuntu 6.06 is installed | ||
| Description: | Ubuntu 6.06 is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:ubuntu:ubuntu_linux:6.06 | Version: | 3 |
| Platform(s): | Ubuntu 6.06 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:13192 | |||
| Definition Id: oval:org.mitre.oval:def:13306 | |||
| Oval ID: | oval:org.mitre.oval:def:13306 | ||
| Title: | Ubuntu 8.10 is installed | ||
| Description: | Ubuntu 8.10 is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:ubuntu:ubuntu_linux:8.10 | Version: | 3 |
| Platform(s): | Ubuntu 8.10 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:13192 | |||
