First published: Tue Apr 14 2009
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0792)

A missing boundary check was found in Ghostscript's CCITTFax decoding filter. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2007-6725)

Users of ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/ghostscript | <7.07-33.2.el4_7.8 | 7.07-33.2.el4_7.8 |
redhat/ghostscript-devel | <7.07-33.2.el4_7.8 | 7.07-33.2.el4_7.8 |
redhat/ghostscript-gtk | <7.07-33.2.el4_7.8 | 7.07-33.2.el4_7.8 |
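
An added example (not part of the advisory or of Red Hat's tooling): a simplified rpm-style version comparison that flags installed packages below the fixed release listed in the table. It assumes version-release strings with no epoch and no `~`/`^` markers; the sample inventory is constructed.

```python
import re

FIXED = "7.07-33.2.el4_7.8"  # fixed version-release from the advisory table
PACKAGES = ("ghostscript", "ghostscript-devel", "ghostscript-gtk")

def _segments(s):
    # rpm compares runs of digits or letters; separators such as . and _ are skipped
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Compare one version or release string segment by segment."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 2 and 07 == 7
            if x != y:
                return -1 if x < y else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_evr(a, b):
    """Return -1, 0 or 1 for version-release strings a and b (no epoch)."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def vulnerable(installed):
    """Map advisory package name -> True when installed is older than FIXED."""
    return {n: compare_evr(v, FIXED) < 0
            for n, v in installed.items() if n in PACKAGES}

# Constructed inventory, in the shape produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = {
    "ghostscript": "7.07-33.2.el4_7.5",
    "ghostscript-devel": "7.07-33.2.el4_7.8",
    "ghostscript-gtk": "7.07-33.10.el4",  # a plain string compare would misorder this
    "bash": "3.0-19.3",                   # not in the advisory, ignored
}

if __name__ == "__main__":
    for name, flag in sorted(vulnerable(SAMPLE).items()):
        print(name, "VULNERABLE" if flag else "ok")
```
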