CVE-2008-0411

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
ghostscriptghostscript
𝑥
≤ 8.61
ghostscriptghostscript
8.0.1
ghostscriptghostscript
8.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bullseye
9.53.3~dfsg-7+deb11u7
fixed
bullseye (security)
9.53.3~dfsg-7+deb11u8
fixed
bookworm
10.0.0~dfsg-11+deb12u4
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u5
fixed
sid
10.04.0~dfsg-1
fixed
trixie
10.04.0~dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ghostscript
gutsy
Fixed 8.61.dfsg.1~svn8187-0ubuntu3.4
released
feisty
dne
edgy
dne
dapper
dne
gs-esp
gutsy
dne
feisty
Fixed 8.15.4.dfsg.1-0ubuntu1.1
released
edgy
Fixed 8.15.2.dfsg.0ubuntu1-0ubuntu4.1
released
dapper
Fixed 8.15.2.dfsg.0ubuntu1-0ubuntu1.1
released
gs-gpl
gutsy
dne
feisty
Fixed 8.54.dfsg.1-5ubuntu0.2
released
edgy
Fixed 8.50-1.1ubuntu1.2
released
dapper
Fixed 8.15-4ubuntu3.1
released
References