CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. Desbordamiento de búfer basado en pila en la función zseticcspace de zicc.c en Ghostscript 8.61 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo postscript (.ps) que contiene un array de Range (rango) largo en un operador .seticcspace. • https://www.exploit-db.com/exploits/31309 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html http://scary.beasts.org/security/CESA-2008-001.html http://secunia.com/advisories/29101 http://secunia.com/advisories/29103 http://secunia.com/advisories/29112 http://secunia.com/advisories/29135 http://secunia.com/advisories/29147 http://secunia.com/advisories/29154 http://secunia.com/advisories/29169 http://secunia.com/advisories/29196 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVE-2004-0967 – temporary file vulnerabilities in various ghostscript scripts.
https://notcve.org/view.php?id=CVE-2004-0967
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321 http://secunia.com/advisories/16997 http://secunia.com/advisories/17135 http://secunia.com/advisories/19799 http://secunia.com/advisories/20056 http://www.redhat.com/support/errata/RHSA-2005-081.html http://www.securityfocus.com/bid/11285 http://www.trustix.org • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2002-0363
https://notcve.org/view.php?id=CVE-2002-0363
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html http://www.iss.net/security_center/static/9254.php http://www.redhat.com/support/errata/RHSA-2002-083.html http://www.redhat.com/support/errata/RHSA-2002-123.html http://www.redhat.com/support/errata/RHSA-2003-209.html http://www.securityfocus.com/bid/49 •
CVE-2001-1353
https://notcve.org/view.php?id=CVE-2001-1353
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. • http://archives.neohapsis.com/archives/hp/2001-q4/0069.html http://marc.info/?l=lprng&m=100083210910857&w=2 http://rhn.redhat.com/errata/RHSA-2001-112.html http://www.redhat.com/support/errata/RHSA-2001-138.html •
CVE-2000-1163
https://notcve.org/view.php?id=CVE-2000-1163
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343 http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt http://www.debian.org/security/2000/20001123 http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3 http://www.securityfocus.com/bid/1991 https://exchange.xforce.ibmcloud.com/vulnerabilities/5564 •