// For flags

CVE-2008-6679

ghostscript: Buffer overflow in BaseFont writer module for pdfwrite device

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.

Desbordamiento de búfer en el módulo de escritura BaseFont en Ghostscript v8.62, y posiblemente otras versiones, permite a atacantes remotos provocar una denegación de servicio (caída ps2pdf) y posiblemente ejecución de código arbitrario a través de un fichero Postscript.

Several security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter, which might lead to the execution of arbitrary code if a user processes a malformed PDF or Postscript file.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-04-08 CVE Reserved
  • 2009-04-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (21)
URL Tag Source
http://bugs.ghostscript.com/show_bug.cgi?id=690211 X_refsource_confirm
http://secunia.com/advisories/34667 Third Party Advisory
http://secunia.com/advisories/34729 Third Party Advisory
http://secunia.com/advisories/34732 Third Party Advisory
http://secunia.com/advisories/35416 Third Party Advisory
http://secunia.com/advisories/35559 Third Party Advisory
http://secunia.com/advisories/35569 Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2009-0060 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2009/04/01/10 Mailing List
http://www.securityfocus.com/archive/1/502757/100/0/threaded Mailing List
http://www.vupen.com/english/advisories/2009/1708 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html 2018-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 2018-10-11
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 2018-10-11
http://www.redhat.com/support/errata/RHSA-2009-0421.html 2018-10-11
https://bugzilla.redhat.com/show_bug.cgi?id=493445 2009-04-14
https://usn.ubuntu.com/757-1 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html 2018-10-11
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html 2018-10-11
https://access.redhat.com/security/cve/CVE-2008-6679 2009-04-14
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ghostscript
Search vendor "Ghostscript"
 Ghostscript
Search vendor "Ghostscript" for product "Ghostscript"
 8.62
Search vendor "Ghostscript" for product "Ghostscript" and version "8.62"
-
Affected