ghostscript: integer overflows

Package(s): ghostscript
CVE #(s): CVE-2009-0583 CVE-2009-0584
Created: March 19, 2009
Updated: December 4, 2009
Description: Ghostscript has several integer overflow vulnerabilities. From the Red Hat alert:

Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images which could cause Ghostscript to crash, or, potentially, execute arbitrary code when opened by the victim. (CVE-2009-0583, CVE-2009-0584)

Alerts:
Mandriva MDVSA-2009:311 2009-12-03
Slackware SSA:2009-181-01 2009-06-30
Mandriva MDVSA-2009:096-1 2009-04-24
Red Hat RHSA-2009:0421-01 2009-04-14
Red Hat RHSA-2009:0420-01 2009-04-14
CentOS CESA-2009:0420 2009-04-15
Ubuntu USN-757-1 2009-04-15
Fedora FEDORA-2009-3435 2009-04-09
Fedora FEDORA-2009-3430 2009-04-09
Fedora FEDORA-2009-3011 2009-03-25
Fedora FEDORA-2009-3031 2009-03-25
Ubuntu USN-743-1 2009-03-23
SuSE SUSE-SR:2009:007 2009-03-24
Gentoo 200903-37 2009-03-23
Fedora FEDORA-2009-2885 2009-03-21
Fedora FEDORA-2009-2883 2009-03-21
Debian DSA-1746-1 2009-03-20
rPath rPSA-2009-0050-1 2009-03-19
CentOS CESA-2009:0345 2009-03-19
Red Hat RHSA-2009:0345-01 2009-03-19
Mandriva MDVSA-2009:096 2009-04-24
Mandriva MDVSA-2009:095 2009-04-24
CentOS CESA-2009:0421 2009-04-20
Fedora FEDORA-2009-3709 2009-04-15
Fedora FEDORA-2009-3710 2009-04-15

Copyright © 2013, Eklektix, Inc.