oss-sec mailing list archives

Re: (Sort of urgent) CVE request -- ghostscript


From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 8 Apr 2009 11:28:50 -0400 (EDT)


======================================================
Name: CVE-2007-6725
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
Reference: MLIST:[oss-security] 20090401 CVE request -- ghostscript
Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/10
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=229174
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=493442
Reference: FEDORA:FEDORA-2008-5699
Reference: URL:http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly
other versions, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted PDF file
that triggers a buffer underflow in the cf_decode_2d function.


======================================================
Name: CVE-2008-6679
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
Reference: MLIST:[oss-security] 20090401 CVE request -- ghostscript
Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/10
Reference: CONFIRM:http://bugs.ghostscript.com/show_bug.cgi?id=690211
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=493445

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and
possibly other versions, allows remote attackers to cause a denial of
service (ps2pdf crash) and possibly execute arbitrary code via a
crafted Postscript file.


