MidnightBSD

Advisories for ghostscript

CVE-2007-6725 HIGH

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ghostscript ghostscript 8.61
CVE-2008-0411 MEDIUM

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
ghostscript ghostscript *
ghostscript ghostscript 0
ghostscript ghostscript 8.0.1
ghostscript ghostscript 8.15
CVE-2009-0583 HIGH

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
argyllcms argyllcms 0.2.0
ghostscript ghostscript 7.05
ghostscript ghostscript 8.0.1
argyllcms argyllcms 1.0.0
ghostscript ghostscript 8.15.2
argyllcms argyllcms 1.0.2
ghostscript ghostscript 8.15
ghostscript ghostscript 8.63
argyllcms argyllcms 0.2.2
ghostscript ghostscript 5.50
ghostscript ghostscript 8.56
argyllcms argyllcms *
ghostscript ghostscript *
ghostscript ghostscript 8.61
argyllcms argyllcms 0.2.1
ghostscript ghostscript 7.07
argyllcms argyllcms 0.6.0
ghostscript ghostscript 8.54
ghostscript ghostscript 8.62
argyllcms argyllcms 0.7.0
ghostscript ghostscript 8.57
argyllcms argyllcms 0.1.0
argyllcms argyllcms 0.3.0
CVE-2009-0792 HIGH

Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
argyllcms argyllcms 0.2.0
ghostscript ghostscript 7.05
ghostscript ghostscript 8.0.1
argyllcms argyllcms 1.0.0
ghostscript ghostscript 8.15.2
argyllcms argyllcms 1.0.2
ghostscript ghostscript 8.15
ghostscript ghostscript 8.63
argyllcms argyllcms 0.2.2
ghostscript ghostscript 5.50
ghostscript ghostscript 8.56
argyllcms argyllcms *
ghostscript ghostscript *
ghostscript ghostscript 8.61
argyllcms argyllcms 0.2.1
ghostscript ghostscript 7.07
argyllcms argyllcms 0.6.0
ghostscript ghostscript 8.54
ghostscript ghostscript 8.62
argyllcms argyllcms 0.7.0
ghostscript ghostscript 8.57
argyllcms argyllcms 0.1.0
argyllcms argyllcms 0.3.0
CVE-2012-4405 MEDIUM

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow. NOTE: this issue is also described as an array index error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
argyllcms cms -
color icclib -
ghostscript ghostscript 9.06