CVE-2008-0411

Published: Feb 28, 2008Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Affected (4)

Products: Ghostscript: Ghostscript

Ghostscript

1 product

Ghostscript

Configuration A

1 vulnerable · 32 platform

Vulnerable Software	Affected Versions
Ghostscript Ghostscript	Up to 8.61

Running on/with	Platform Versions
Mandrakesoft Mandrake Linux	Version 2007.0_x86_64
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007
Mandrakesoft Mandrake Linux	Version 2008.0
Mandrakesoft Mandrake Linux	Version 2008.0
Mandrakesoft Mandrake Linux Corporate Server	Version 3.0
Mandrakesoft Mandrake Linux Corporate Server	Version 4.0
Mandrakesoft Mandrakesoft Corporate Server	Version 3.0_x86_64
Mandrakesoft Mandrakesoft Corporate Server	Version 4.0_x86_64
Redhat Desktop	Version 3.0
Redhat Desktop	Version 4.0
Redhat Enterprise Linux	Version 5
Redhat Enterprise Linux	Version as_3
Redhat Enterprise Linux	Version as_4
Redhat Enterprise Linux	Version es_3
Redhat Enterprise Linux	Version es_4
Redhat Enterprise Linux	Version ws_3
Redhat Enterprise Linux	Version ws_4
Redhat Enterprise Linux Desktop	Version 5
Redhat Enterprise Linux Desktop Workstation	Version 5
Rpath Rpath Linux	Version 1
Suse Novell Linux Pos	Version 9
Suse Open Suse	Version 10.2
Suse Open Suse	Version 10.3
Suse Suse Linux	Version 10.1
Suse Suse Linux	Version 10.1
Suse Suse Linux	Version 10.1
Suse Suse Linux	Version 10 sp1
Suse Suse Linux	Version 10 sp1
Suse Suse Linux	Version 9.0
Suse Suse Open Enterprise Server	Version 0

Configuration B

3 vulnerable · 26 platform

Vulnerable Software	Affected Versions
Ghostscript Ghostscript	Version 0
Ghostscript Ghostscript	Version 8.0.1
Ghostscript Ghostscript	Version 8.15

Running on/with	Platform Versions
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 3.1
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 4.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (54)

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://scary.beasts.org/security/CESA-2008-001.html

Source: secalert@redhat.com

Exploit

http://secunia.com/advisories/29101

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29103

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29112

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29135

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29147

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29154

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29169

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29196

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29314

Source: secalert@redhat.com

URL Repurposed

http://secunia.com/advisories/29768

Source: secalert@redhat.com

URL Repurposed

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.370633

Source: secalert@redhat.com

Mailing List

http://wiki.rpath.com/Advisories:rPSA-2008-0082

Source: secalert@redhat.com

Broken Link

http://www.debian.org/security/2008/dsa-1510

Source: secalert@redhat.com

Patch

http://www.gentoo.org/security/en/glsa/glsa-200803-14.xml

Source: secalert@redhat.com

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2008:055

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0155.html

Source: secalert@redhat.com

URL Repurposed

http://www.securityfocus.com/archive/1/488932/100/0/threaded

Source: secalert@redhat.com

Broken LinkVDB Entry

http://www.securityfocus.com/archive/1/488946/100/0/threaded

Source: secalert@redhat.com

Broken LinkVDB Entry

http://www.securityfocus.com/bid/28017

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1019511

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-599-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2008/0693/references

Source: secalert@redhat.com

Not Applicable

https://issues.rpath.com/browse/RPL-2217

Source: secalert@redhat.com

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9557

Source: secalert@redhat.com

Broken Link

https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00085.html

Source: secalert@redhat.com

Release NotesThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html