Buffer overflow in Ghostscript

CVE-2008-0411

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Vulnerability class: Buffer Overflow

EPSS: 0.144 (96.2th percentile) — read the EPSS interpretation.

Affected products

Ghostscript — versions 0, 8.0.1, 8.15
Mandrakesoft Mandrake_linux — versions 2007, 2007.0_x86_64, 2007.1
Mandrakesoft Mandrake_linux_corporate_server — versions 3.0, 4.0
Mandrakesoft Mandrakesoft_corporate_server — versions 3.0_x86_64, 4.0_x86_64
Rpath Rpath_linux — versions 1
Debian Debian_linux — versions 3.1, 4.0
Redhat Desktop — versions 3.0, 4.0
Redhat Enterprise_linux — versions 5, as_3, as_4
Redhat Enterprise_linux_desktop — versions 5
Redhat Enterprise_linux_desktop_workstation — versions 5

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (URL Repurposed, x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Patch, x_refsource_GENTOO)
secalert@redhat.com (URL Repurposed, x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (URL Repurposed, x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (mailing-list, x_refsource_BUGTRAQ, VDB Entry, Broken Link)
secalert@redhat.com (vdb-entry, Not Applicable, x_refsource_VUPEN)
secalert@redhat.com (URL Repurposed, x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (mailing-list, x_refsource_BUGTRAQ, VDB Entry, Broken Link)
secalert@redhat.com (Broken Link, signature, x_refsource_OVAL, vdb-entry)