Published: 28/02/2008 Updated: 16/02/2024

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and previous versions allows remote malicious users to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ghostscript ghostscript
ghostscript ghostscript 0
ghostscript ghostscript 8.0.1
ghostscript ghostscript 8.15

Debian Bug report logs - #468190 ghostscript: CVE-2008-0411 buffer overflow via crafted ps file Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: ...

Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program (CVE-2008-0411) ...

Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file For the stable distribution (etch), this problem has been fixed in version 854dfsg1-5etch1 of gs-gpl and 8153dfsg ...

source: wwwsecurityfocuscom/bid/28017/info Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application Failed exploit attempts will cause denia ...

CWE-119 http://scary.beasts.org/security/CESA-2008-001.html http://www.debian.org/security/2008/dsa-1510 http://www.redhat.com/support/errata/RHSA-2008-0155.html http://www.securityfocus.com/bid/28017 https://issues.rpath.com/browse/RPL-2217 http://www.mandriva.com/security/advisories?name=MDVSA-2008:055 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29147 http://secunia.com/advisories/29169 http://wiki.rpath.com/Advisories:rPSA-2008-0082 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.370633 http://www.securitytracker.com/id?1019511 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29196 http://secunia.com/advisories/29154 http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml http://secunia.com/advisories/29314 http://www.ubuntu.com/usn/usn-599-1 http://secunia.com/advisories/29768 http://www.vupen.com/english/advisories/2008/0693/references https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557 http://www.securityfocus.com/archive/1/488946/100/0/threaded http://www.securityfocus.com/archive/1/488932/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468190 https://usn.ubuntu.com/599-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/31309/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0411

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect