Date: Wed, 8 Apr 2009 11:28:50 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com, oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: (Sort of urgent) CVE request -- ghostscript

======================================================
Name: CVE-2007-6725
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
Reference: MLIST:[oss-security] 20090401 CVE request -- ghostscript
Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/10
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=229174
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=493442
Reference: FEDORA:FEDORA-2008-5699
Reference: URL:http://www.mail-archive.com/fedora-package-announce@...hat.com/msg11830.html

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly
other versions, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted PDF file
that triggers a buffer underflow in the cf_decode_2d function.
======================================================
Name: CVE-2008-6679
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
Reference: MLIST:[oss-security] 20090401 CVE request -- ghostscript
Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/10
Reference: CONFIRM:http://bugs.ghostscript.com/show_bug.cgi?id=690211
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=493445

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and
possibly other versions, allows remote attackers to cause a denial of
service (ps2pdf crash) and possibly execute arbitrary code via a
crafted Postscript file.