FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ghostscript -- buffer overflow vulnerability

Affected packages
ghostscript8 < 8.64
ghostscript8-nox11 < 8.64


VuXML ID f0f97b94-3f95-11de-a3fd-0030843d3802
Discovery 2009-02-03
Entry 2009-05-13

SecurityFocus reports:

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.


Bugtraq ID 34340
CVE Name CVE-2008-6679