Your submission was sent successfully! Close

CVE-2008-0411

Published: 28 February 2008

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Priority

Medium

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
dapper Does not exist

edgy Does not exist

feisty Does not exist

gutsy
Released (8.61.dfsg.1~svn8187-0ubuntu3.4)
upstream Needs triage

Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2008-0155.html
vendor: http://www.debian.org/security/2008/dsa-1510
gs-esp
Launchpad, Ubuntu, Debian
dapper
Released (8.15.2.dfsg.0ubuntu1-0ubuntu1.1)
edgy
Released (8.15.2.dfsg.0ubuntu1-0ubuntu4.1)
feisty
Released (8.15.4.dfsg.1-0ubuntu1.1)
gutsy Does not exist

upstream Needs triage

gs-gpl
Launchpad, Ubuntu, Debian
dapper
Released (8.15-4ubuntu3.1)
edgy
Released (8.50-1.1ubuntu1.2)
feisty
Released (8.54.dfsg.1-5ubuntu0.2)
gutsy Does not exist

upstream Needs triage