package: ghostscript
severity: grave
tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) ids were
published for ghostscript.

CVE-2007-6725[0]:
| The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly
| other versions, allows remote attackers to cause a denial of service
| (crash) and possibly execute arbitrary code via a crafted PDF file
| that triggers a buffer underflow in the cf_decode_2d function.

CVE-2008-6679[1]:
| Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and
| possibly other versions, allows remote attackers to cause a denial of
| service (ps2pdf crash) and possibly execute arbitrary code via a
| crafted Postscript file.

CVE-2009-0196[2]:
| Heap-based buffer overflow in the big2_decode_symbol_dict function
| (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in
| Ghostscript 8.64, and probably earlier versions, allows remote
| attackers to execute arbitrary code via a PDF file with a JBIG2 symbol
| dictionary segment with a large run length value.

Please coordinate with the security team (t...@security.debian.org) to
prepare fixes for the stable releases.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
    http://security-tracker.debian.net/tracker/CVE-2007-6725
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
    http://security-tracker.debian.net/tracker/CVE-2008-6679
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
    http://security-tracker.debian.net/tracker/CVE-2009-0196