Vulnerability Description
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a PostScript (.ps) file containing a long Range array in a .seticcspace operator.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 3.1 |
| Mandrakesoft | Mandrake Linux | 2007 |
| Mandrakesoft | Mandrake Linux Corporate Server | 3.0 |
| Mandrakesoft | Mandrakesoft Corporate Server | 3.0_x86_64 |
| Redhat | Desktop | 3.0 |
| Redhat | Enterprise Linux | 5 |
| Redhat | Enterprise Linux Desktop | 5 |
| Redhat | Enterprise Linux Desktop Workstation | 5 |
| Rpath | Rpath Linux | 1 |
| Suse | Novell Linux Pos | 9 |
| Suse | Open Suse | 10.2 |
| Suse | Suse Linux | 9.0 |
| Suse | Suse Open Enterprise Server | 0 |
| Ghostscript | Ghostscript | <= 8.61 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html (Mailing List, Third Party Advisory)
- http://scary.beasts.org/security/CESA-2008-001.html (Exploit)
- http://secunia.com/advisories/29101 (URL Repurposed)
- http://secunia.com/advisories/29103 (URL Repurposed)
- http://secunia.com/advisories/29112 (URL Repurposed)
- http://secunia.com/advisories/29135 (URL Repurposed)
- http://secunia.com/advisories/29147 (URL Repurposed)
- http://secunia.com/advisories/29154 (URL Repurposed)
- http://secunia.com/advisories/29169 (URL Repurposed)
- http://secunia.com/advisories/29196 (URL Repurposed)
- http://secunia.com/advisories/29314 (URL Repurposed)
- http://secunia.com/advisories/29768 (URL Repurposed)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware (Mailing List)
- http://wiki.rpath.com/Advisories:rPSA-2008-0082 (Broken Link)
- http://www.debian.org/security/2008/dsa-1510 (Patch)
FAQ
What is CVE-2008-0411?
CVE-2008-0411 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a PostScript (.ps) file containing a long Range...
How severe is CVE-2008-0411?
CVE-2008-0411 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-0411?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Mandrakesoft Mandrake Linux, Mandrakesoft Mandrake Linux Corporate Server, Mandrakesoft Mandrakesoft Corporate Server, Redhat Desktop.