CVE-2008-0411: Buffer Overflow
First published: Thu Feb 28 2008(Updated: )
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Mandrakesoft Mandrake Linux | =2007 | |
| Mandrakesoft Mandrake Linux | =2007.0_x86_64 | |
| Mandrakesoft Mandrake Linux | =2007.1 | |
| Mandrakesoft Mandrake Linux | =2007.1 | |
| Mandrakesoft Mandrake Linux | =2008.0 | |
| Mandrakesoft Mandrake Linux | =2008.0 | |
| Mandrakesoft Mandrake Linux Corporate Server | =3.0 | |
| Mandrakesoft Mandrake Linux Corporate Server | =4.0 | |
| Mandrakesoft Mandrakesoft Corporate Server | =3.0_x86_64 | |
| Mandrakesoft Mandrakesoft Corporate Server | =4.0_x86_64 | |
| Redhat Desktop | =3.0 | |
| Redhat Desktop | =4.0 | |
| Redhat Enterprise Linux | =5 | |
| Redhat Enterprise Linux | =as_3 | |
| Redhat Enterprise Linux | =as_4 | |
| Redhat Enterprise Linux | =es_3 | |
| Redhat Enterprise Linux | =es_4 | |
| Redhat Enterprise Linux | =ws_3 | |
| Redhat Enterprise Linux | =ws_4 | |
| Redhat Enterprise Linux Desktop | =5 | |
| Redhat Enterprise Linux Desktop Workstation | =5 | |
| Rpath Rpath Linux | =1 | |
| Suse Novell Linux Pos | =9 | |
| Suse Open Suse | =10.2 | |
| Suse Open Suse | =10.3 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =10-sp1 | |
| Suse Suse Linux | =10-sp1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Open Enterprise Server | =0 | |
| Ghostscript Ghostscript | <=8.61 | |
| Ghostscript Ghostscript | =0 | |
| Ghostscript Ghostscript | =8.0.1 | |
| Ghostscript Ghostscript | =8.15 | |
| All of | ||
| Any of | ||
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Mandrakesoft Mandrake Linux | =2007 | |
| Mandrakesoft Mandrake Linux | =2007.0_x86_64 | |
| Mandrakesoft Mandrake Linux | =2007.1 | |
| Mandrakesoft Mandrake Linux | =2007.1 | |
| Mandrakesoft Mandrake Linux | =2008.0 | |
| Mandrakesoft Mandrake Linux | =2008.0 | |
| Mandrakesoft Mandrake Linux Corporate Server | =3.0 | |
| Mandrakesoft Mandrake Linux Corporate Server | =4.0 | |
| Mandrakesoft Mandrakesoft Corporate Server | =3.0_x86_64 | |
| Mandrakesoft Mandrakesoft Corporate Server | =4.0_x86_64 | |
| Redhat Desktop | =3.0 | |
| Redhat Desktop | =4.0 | |
| Redhat Enterprise Linux | =5 | |
| Redhat Enterprise Linux | =as_3 | |
| Redhat Enterprise Linux | =as_4 | |
| Redhat Enterprise Linux | =es_3 | |
| Redhat Enterprise Linux | =es_4 | |
| Redhat Enterprise Linux | =ws_3 | |
| Redhat Enterprise Linux | =ws_4 | |
| Redhat Enterprise Linux Desktop | =5 | |
| Redhat Enterprise Linux Desktop Workstation | =5 | |
| Rpath Rpath Linux | =1 | |
| Suse Novell Linux Pos | =9 | |
| Suse Open Suse | =10.2 | |
| Suse Open Suse | =10.3 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =10-sp1 | |
| Suse Suse Linux | =10-sp1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Open Enterprise Server | =0 | |
| Ghostscript Ghostscript | <=8.61 | |
| All of | ||
| Any of | ||
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Debian Debian Linux | =4.0 | |
| Any of | ||
| Ghostscript Ghostscript | =0 | |
| Ghostscript Ghostscript | =8.0.1 | |
| Ghostscript Ghostscript | =8.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://scary.beasts.org/security/CESA-2008-001.html
- http://www.debian.org/security/2008/dsa-1510
- http://www.redhat.com/support/errata/RHSA-2008-0155.html
- http://www.securityfocus.com/bid/28017
- https://issues.rpath.com/browse/RPL-2217
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:055
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html
- http://secunia.com/advisories/29101
- http://secunia.com/advisories/29147
- http://secunia.com/advisories/29169
- http://wiki.rpath.com/Advisories:rPSA-2008-0082
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.370633
- http://www.securitytracker.com/id?1019511
- http://secunia.com/advisories/29103
- http://secunia.com/advisories/29112
- http://secunia.com/advisories/29135
- http://secunia.com/advisories/29196
- http://secunia.com/advisories/29154
- http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml
- http://secunia.com/advisories/29314
- http://www.ubuntu.com/usn/usn-599-1
- http://secunia.com/advisories/29768
- http://www.vupen.com/english/advisories/2008/0693/references
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557
- http://www.securityfocus.com/archive/1/488946/100/0/threaded
- http://www.securityfocus.com/archive/1/488932/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/event
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/3.1
- version/debian debian linux/4.0
- vendor/mandrakesoft
- canonical/mandrakesoft mandrake linux
- version/mandrakesoft mandrake linux/2007
- version/mandrakesoft mandrake linux/2007.0_x86_64
- version/mandrakesoft mandrake linux/2007.1
- version/mandrakesoft mandrake linux/2008.0
- canonical/mandrakesoft mandrake linux corporate server
- version/mandrakesoft mandrake linux corporate server/3.0
- version/mandrakesoft mandrake linux corporate server/4.0
- canonical/mandrakesoft mandrakesoft corporate server
- version/mandrakesoft mandrakesoft corporate server/3.0_x86_64
- version/mandrakesoft mandrakesoft corporate server/4.0_x86_64
- vendor/redhat
- canonical/redhat desktop
- version/redhat desktop/3.0
- version/redhat desktop/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5
- version/redhat enterprise linux/as_3
- version/redhat enterprise linux/as_4
- version/redhat enterprise linux/es_3
- version/redhat enterprise linux/es_4
- version/redhat enterprise linux/ws_3
- version/redhat enterprise linux/ws_4
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5
- canonical/redhat enterprise linux desktop workstation
- version/redhat enterprise linux desktop workstation/5
- vendor/rpath
- canonical/rpath rpath linux
- version/rpath rpath linux/1
- vendor/suse
- canonical/suse novell linux pos
- version/suse novell linux pos/9
- canonical/suse open suse
- version/suse open suse/10.2
- version/suse open suse/10.3
- canonical/suse suse linux
- version/suse suse linux/9.0
- version/suse suse linux/10-sp1
- version/suse suse linux/10.1
- canonical/suse suse open enterprise server
- version/suse suse open enterprise server/0
- vendor/ghostscript
- canonical/ghostscript ghostscript
- version/ghostscript ghostscript/8.61
- version/ghostscript ghostscript/0
- version/ghostscript ghostscript/8.0.1
- version/ghostscript ghostscript/8.15