oss-sec mailing list archives
Re: (Sort of urgent) CVE request -- ghostscript
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 8 Apr 2009 11:28:50 -0400 (EDT)
====================================================== Name: CVE-2007-6725 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725 Reference: MLIST:[oss-security] 20090401 CVE request -- ghostscript Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/10 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=229174 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=493442 Reference: FEDORA:FEDORA-2008-5699 Reference: URL:http://www.mail-archive.com/fedora-package-announce () redhat com/msg11830.html The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function. ====================================================== Name: CVE-2008-6679 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679 Reference: MLIST:[oss-security] 20090401 CVE request -- ghostscript Reference: URL:http://www.openwall.com/lists/oss-security/2009/04/01/10 Reference: CONFIRM:http://bugs.ghostscript.com/show_bug.cgi?id=690211 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=493445 Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
Current thread:
- CVE request -- ghostscript Jan Lieskovsky (Apr 01)
- Re: CVE request -- ghostscript Robert Buchholz (Apr 02)
- Re: CVE request -- ghostscript Jan Lieskovsky (Apr 02)
- Re: (Sort of urgent) CVE request -- ghostscript Jan Lieskovsky (Apr 08)
- Re: (Sort of urgent) CVE request -- ghostscript Steven M. Christey (Apr 08)
- Re: CVE request -- ghostscript Robert Buchholz (Apr 02)