CVE-2007-6725: Buffer Overflow

Reference Links

• http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
• http://secunia.com/advisories/34726
• http://secunia.com/advisories/34729
• http://secunia.com/advisories/34732
• http://secunia.com/advisories/35416
• http://secunia.com/advisories/35559
• http://secunia.com/advisories/35569
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
• http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm
• http://wiki.rpath.com/Advisories:rPSA-2009-0060
• http://www.mail-archive.com/fedora-package-announce%40redhat.com/msg11830.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
• http://www.openwall.com/lists/oss-security/2009/04/01/10
• http://www.redhat.com/support/errata/RHSA-2009-0420.html
• http://www.redhat.com/support/errata/RHSA-2009-0421.html
• http://www.securityfocus.com/archive/1/502757/100/0/threaded
• http://www.securityfocus.com/bid/34337
• http://www.vupen.com/english/advisories/2009/1708
• https://bugzilla.redhat.com/show_bug.cgi?id=229174
• https://bugzilla.redhat.com/show_bug.cgi?id=493442
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507
• https://usn.ubuntu.com/757-1/
• http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html
• https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=337622
• https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=337622&action=edit
• https://access.redhat.com/security/cve/CVE-2007-6725
• https://rhn.redhat.com/errata/RHSA-2009-0421.html
• https://www.cve.org/CVERecord?id=CVE-2007-6725 https://nvd.nist.gov/vuln/detail/CVE-2007-6725
• https://access.redhat.com/errata/RHSA-2009:0420
• https://access.redhat.com/errata/RHSA-2009:0421
• https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6725.json

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2009:0420
• RHSA-2009:0421

Frequently Asked Questions

• What is the severity of CVE-2007-6725?

  CVE-2007-6725 is classified as a denial of service vulnerability that could also lead to potential arbitrary code execution.

• How do I fix CVE-2007-6725?

  To mitigate CVE-2007-6725, users should update Ghostscript to a version that is not affected, specifically versions after 8.61.

• What software versions are affected by CVE-2007-6725?

  CVE-2007-6725 affects Ghostscript versions 8.60 and 8.61 among others listed in the advisory.

• What could happen if I open a malicious PDF with CVE-2007-6725?

  Opening a malicious PDF file may cause Ghostscript to crash or potentially allow an attacker to execute arbitrary code.

• Who is vulnerable to CVE-2007-6725?

  Any user or system running the affected versions of Ghostscript is at risk of exploitation via specially-crafted PDF files.