oss-sec mailing list archives
CVE assignment: ghostscript stack-based overflow
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 11 May 2010 19:24:51 -0400 (EDT)
FYI. The researcher told me that some distros were notified pre-disclosure, but I had already assigned this CVE when I found out.
====================================================== Name: CVE-2010-1869 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1869 Reference: MISC:http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.
Current thread:
- CVE assignment: ghostscript stack-based overflow Steven M. Christey (May 11)
- Re: CVE assignment: ghostscript stack-based overflow Dan Rosenberg (May 11)
- Re: CVE assignment: ghostscript stack-based overflow Josh Bressers (May 18)
- Re: CVE assignment: ghostscript stack-based overflow Dan Rosenberg (May 11)