6.8

CVE-2008-0411

Exploit

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Data is provided by the National Vulnerability Database (NVD)
Ghostscript Ghostscript Version <= 8.61
   Debian Debian Linux Version 3.1
   Debian Debian Linux Version 3.1 Edition alpha
   Debian Debian Linux Version 3.1 Edition amd64
   Debian Debian Linux Version 3.1 Edition arm
   Debian Debian Linux Version 3.1 Edition hppa
   Debian Debian Linux Version 3.1 Edition ia-32
   Debian Debian Linux Version 3.1 Edition ia-64
   Debian Debian Linux Version 3.1 Edition m68k
   Debian Debian Linux Version 3.1 Edition mips
   Debian Debian Linux Version 3.1 Edition mipsel
   Debian Debian Linux Version 3.1 Edition ppc
   Debian Debian Linux Version 3.1 Edition s-390
   Debian Debian Linux Version 3.1 Edition sparc
   Debian Debian Linux Version 4.0
   Debian Debian Linux Version 4.0 Edition alpha
   Debian Debian Linux Version 4.0 Edition amd64
   Debian Debian Linux Version 4.0 Edition arm
   Debian Debian Linux Version 4.0 Edition hppa
   Debian Debian Linux Version 4.0 Edition ia-32
   Debian Debian Linux Version 4.0 Edition ia-64
   Debian Debian Linux Version 4.0 Edition m68k
   Debian Debian Linux Version 4.0 Edition mips
   Debian Debian Linux Version 4.0 Edition mipsel
   Debian Debian Linux Version 4.0 Edition powerpc
   Debian Debian Linux Version 4.0 Edition s-390
   Debian Debian Linux Version 4.0 Edition sparc
   Mandrakesoft Mandrake Linux Version 2007
   Mandrakesoft Mandrake Linux Version 2007.0_x86_64
   Mandrakesoft Mandrake Linux Version 2007.1
   Mandrakesoft Mandrake Linux Version 2007.1 Edition x86_64
   Mandrakesoft Mandrake Linux Version 2008.0
   Mandrakesoft Mandrake Linux Version 2008.0 Edition x86_64
   Mandrakesoft Mandrake Linux Corporate Server Version 3.0
   Mandrakesoft Mandrake Linux Corporate Server Version 4.0
   Mandrakesoft Mandrakesoft Corporate Server Version 3.0_x86_64
   Mandrakesoft Mandrakesoft Corporate Server Version 4.0_x86_64
   Redhat Desktop Version 3.0
   Redhat Desktop Version 4.0
   Redhat Enterprise Linux Version 5 Edition server
   Redhat Enterprise Linux Version as_3
   Redhat Enterprise Linux Version as_4
   Redhat Enterprise Linux Version es_3
   Redhat Enterprise Linux Version es_4
   Redhat Enterprise Linux Version ws_3
   Redhat Enterprise Linux Version ws_4
   Redhat Enterprise Linux Desktop Version 5 Edition client
   Redhat Enterprise Linux Desktop Workstation Version 5 Edition client
   Rpath Rpath Linux Version 1
   Suse Novell Linux Pos Version 9
   Suse Open Suse Version 10.2
   Suse Open Suse Version 10.3
   Suse Suse Linux Version 9.0 Edition enterprise_server
   Suse Suse Linux Version 10 Update sp1 Edition enterprise_desktop
   Suse Suse Linux Version 10 Update sp1 Edition enterprise_server
   Suse Suse Linux Version 10.1 Edition ppc
   Suse Suse Linux Version 10.1 Edition x86
   Suse Suse Linux Version 10.1 Edition x86_64
   Suse Suse Open Enterprise Server Version 0
Ghostscript Ghostscript Version 0
   Debian Debian Linux Version 3.1
   Debian Debian Linux Version 3.1 Edition alpha
   Debian Debian Linux Version 3.1 Edition amd64
   Debian Debian Linux Version 3.1 Edition arm
   Debian Debian Linux Version 3.1 Edition hppa
   Debian Debian Linux Version 3.1 Edition ia-32
   Debian Debian Linux Version 3.1 Edition ia-64
   Debian Debian Linux Version 3.1 Edition m68k
   Debian Debian Linux Version 3.1 Edition mips
   Debian Debian Linux Version 3.1 Edition mipsel
   Debian Debian Linux Version 3.1 Edition ppc
   Debian Debian Linux Version 3.1 Edition s-390
   Debian Debian Linux Version 3.1 Edition sparc
   Debian Debian Linux Version 4.0
   Debian Debian Linux Version 4.0 Edition alpha
   Debian Debian Linux Version 4.0 Edition amd64
   Debian Debian Linux Version 4.0 Edition arm
   Debian Debian Linux Version 4.0 Edition hppa
   Debian Debian Linux Version 4.0 Edition ia-32
   Debian Debian Linux Version 4.0 Edition ia-64
   Debian Debian Linux Version 4.0 Edition m68k
   Debian Debian Linux Version 4.0 Edition mips
   Debian Debian Linux Version 4.0 Edition mipsel
   Debian Debian Linux Version 4.0 Edition powerpc
   Debian Debian Linux Version 4.0 Edition s-390
   Debian Debian Linux Version 4.0 Edition sparc
Ghostscript Ghostscript Version 8.0.1
   Debian Debian Linux Version 3.1
   Debian Debian Linux Version 3.1 Edition alpha
   Debian Debian Linux Version 3.1 Edition amd64
   Debian Debian Linux Version 3.1 Edition arm
   Debian Debian Linux Version 3.1 Edition hppa
   Debian Debian Linux Version 3.1 Edition ia-32
   Debian Debian Linux Version 3.1 Edition ia-64
   Debian Debian Linux Version 3.1 Edition m68k
   Debian Debian Linux Version 3.1 Edition mips
   Debian Debian Linux Version 3.1 Edition mipsel
   Debian Debian Linux Version 3.1 Edition ppc
   Debian Debian Linux Version 3.1 Edition s-390
   Debian Debian Linux Version 3.1 Edition sparc
   Debian Debian Linux Version 4.0
   Debian Debian Linux Version 4.0 Edition alpha
   Debian Debian Linux Version 4.0 Edition amd64
   Debian Debian Linux Version 4.0 Edition arm
   Debian Debian Linux Version 4.0 Edition hppa
   Debian Debian Linux Version 4.0 Edition ia-32
   Debian Debian Linux Version 4.0 Edition ia-64
   Debian Debian Linux Version 4.0 Edition m68k
   Debian Debian Linux Version 4.0 Edition mips
   Debian Debian Linux Version 4.0 Edition mipsel
   Debian Debian Linux Version 4.0 Edition powerpc
   Debian Debian Linux Version 4.0 Edition s-390
   Debian Debian Linux Version 4.0 Edition sparc
Ghostscript Ghostscript Version 8.15
   Debian Debian Linux Version 3.1
   Debian Debian Linux Version 3.1 Edition alpha
   Debian Debian Linux Version 3.1 Edition amd64
   Debian Debian Linux Version 3.1 Edition arm
   Debian Debian Linux Version 3.1 Edition hppa
   Debian Debian Linux Version 3.1 Edition ia-32
   Debian Debian Linux Version 3.1 Edition ia-64
   Debian Debian Linux Version 3.1 Edition m68k
   Debian Debian Linux Version 3.1 Edition mips
   Debian Debian Linux Version 3.1 Edition mipsel
   Debian Debian Linux Version 3.1 Edition ppc
   Debian Debian Linux Version 3.1 Edition s-390
   Debian Debian Linux Version 3.1 Edition sparc
   Debian Debian Linux Version 4.0
   Debian Debian Linux Version 4.0 Edition alpha
   Debian Debian Linux Version 4.0 Edition amd64
   Debian Debian Linux Version 4.0 Edition arm
   Debian Debian Linux Version 4.0 Edition hppa
   Debian Debian Linux Version 4.0 Edition ia-32
   Debian Debian Linux Version 4.0 Edition ia-64
   Debian Debian Linux Version 4.0 Edition m68k
   Debian Debian Linux Version 4.0 Edition mips
   Debian Debian Linux Version 4.0 Edition mipsel
   Debian Debian Linux Version 4.0 Edition powerpc
   Debian Debian Linux Version 4.0 Edition s-390
   Debian Debian Linux Version 4.0 Edition sparc
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 19.48% | 0.952

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/28017 (Third Party Advisory, VDB Entry)
http://www.securitytracker.com/id?1019511 (Third Party Advisory, VDB Entry)