CVE-2009-0584 – argyllcms: Multiple insufficient upper-bounds checks on certain sizes in the International Color Consortium Format Library
https://notcve.org/view.php?id=CVE-2009-0584
icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. icc.c, perteneciente a la librería de formatos del International Color Consortium (ICC) (alias icclib), tal y como se utiliza en Ghostscript 8.64 y anteriores y Argyll Color Management System (CMS) 1.0.3 y anteriores, permite causar una denegación de servicio (con caída de la aplicación) a atacantes dependientes de contexto, o posiblemente ejecutar código arbitrario por medio de un fichero de dispositivo diseñado para procesar archivos de imagen con modificaciones relacionadas con valores enteros grandes para determinados tamaños, en relación con un perfil ICC en un (1) PostScript o (2) un archivo PDF con imágenes incrustadas. • http://bugs.gentoo.org/show_bug.cgi?id=261087 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://osvdb.org/52988 http://secunia.com/advisories/34266 http://secunia.com/advisories/34373 http://secunia.com/advisories/34381 http://secunia.com/advisories/34393 http://secunia.com/advisories/34398 http://secunia.com/advisories/34418 http://secunia.com/advisories/34437 http://secunia.com/advisories/34443 http://secunia.com/advisories/34469 http: • CWE-189: Numeric Errors •
CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace. • https://www.exploit-db.com/exploits/31309 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://scary.beasts.org/security/CESA-2008-001.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29147 http://secunia.com/advisories/29154 http://secunia.com/advisories/29169 http://secunia.com/advisories/29196 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2002-0363
https://notcve.org/view.php?id=CVE-2002-0363
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html http://www.iss.net/security_center/static/9254.php http://www.redhat.com/support/errata/RHSA-2002-083.html http://www.redhat.com/support/errata/RHSA-2002-123.html http://www.redhat.com/support/errata/RHSA-2003-209.html http://www.securityfocus.com/bid/49 •
CVE-2001-1353
https://notcve.org/view.php?id=CVE-2001-1353
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. • http://archives.neohapsis.com/archives/hp/2001-q4/0069.html http://marc.info/?l=lprng&m=100083210910857&w=2 http://rhn.redhat.com/errata/RHSA-2001-112.html http://www.redhat.com/support/errata/RHSA-2001-138.html •
CVE-1999-0155
https://notcve.org/view.php?id=CVE-1999-0155
The ghostscript command with the -dSAFER option allows remote attackers to execute commands. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155 •