RHSA-2009:0421: Moderate: ghostscript security update

First published: Tue Apr 14 2009(Updated: )

Ghostscript is a set of software that provides a PostScript interpreter, a<br>set of C procedures (the Ghostscript library, which implements the graphics<br>capabilities in the PostScript language) and an interpreter for Portable<br>Document Format (PDF) files.<br>It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not<br>address all possible integer overflow flaws in Ghostscript's International<br>Color Consortium Format library (icclib). Using specially-crafted ICC<br>profiles, an attacker could create a malicious PostScript or PDF file with<br>embedded images that could cause Ghostscript to crash or, potentially,<br>execute arbitrary code when opened. (CVE-2009-0792)<br>A buffer overflow flaw and multiple missing boundary checks were found in<br>Ghostscript. An attacker could create a specially-crafted PostScript or PDF<br>file that could cause Ghostscript to crash or, potentially, execute<br>arbitrary code when opened. (CVE-2008-6679, CVE-2007-6725, CVE-2009-0196)<br>Red Hat would like to thank Alin Rad Pop of Secunia Research for<br>responsibly reporting the CVE-2009-0196 flaw.<br>Users of ghostscript are advised to upgrade to these updated packages,<br>which contain backported patches to correct these issues.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/references
• agent/severity
• agent/type
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2009:0421
• agent/software-canonical-lookup
• agent/title
• agent/remedy
• agent/description
• agent/event
• agent/trending
• agent/tags
• agent/source
• package-manager/redhat