Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file. For the stable distribution (etch), this problem has been fixed in version 8.54.dfsg.1-5etch1 of gs-gpl and 8.15.3.dfsg.1-1etch1 of gs-esp. For the old stable distribution (sarge), this problem has been fixed in version 8.01-6 of gs-gpl and 7.07.1-9sarge1 of gs-esp. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your gs-esp and gs-gpl packages.
Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file.
For the stable distribution (etch), this problem has been fixed in version 8.54.dfsg.1-5etch4 of gs-gpl and 8.15.3.dfsg.1-1etch4 of gs-esp.
For the old stable distribution (sarge), this problem has been fixed in version 8.01-6 of gs-gpl and 7.07.1-9sarge1 of gs-esp.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your gs-esp and gs-gpl packages.
MD5 checksums of the listed files are available in the original advisory.