CVE-2008-0411

Publication date 28 February 2008

Last updated 24 July 2024

Ubuntu priority

Description

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gs-esp	7.10 gutsy	Not in release
	7.04 feisty	Fixed 8.15.4.dfsg.1-0ubuntu1.1
	6.10 edgy	Fixed 8.15.2.dfsg.0ubuntu1-0ubuntu4.1
	6.06 LTS dapper	Fixed 8.15.2.dfsg.0ubuntu1-0ubuntu1.1
ghostscript	7.10 gutsy	Fixed 8.61.dfsg.1~svn8187-0ubuntu3.4
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
gs-gpl	7.10 gutsy	Not in release
	7.04 feisty	Fixed 8.54.dfsg.1-5ubuntu0.2
	6.10 edgy	Fixed 8.50-1.1ubuntu1.2
	6.06 LTS dapper	Fixed 8.15-4ubuntu3.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ghostscript	Vendor: https://rhn.redhat.com/errata/RHSA-2008-0155.html Vendor: http://www.debian.org/security/2008/dsa-1510

CVE-2008-0411

Description

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references