Test ID: 1.3.6.1.4.1.25623.1.0.900540
Category: Buffer overflow
Title: Ghostscript Multiple Buffer Overflow Vulnerabilities - Windows
Summary: Ghostscript is prone to a buffer overflow vulnerability.
Description:
Summary:
Ghostscript is prone to a buffer overflow vulnerability.

Vulnerability Insight:
These flaws arise due to:

- a boundary error in jbig2_symbol_dict.c in the JBIG2
decoding library (jbig2dec) while decoding JBIG2 symbol dictionary
segments.

- multiple integer overflows in icc.c in the ICC Format library while
processing malformed PDF and PostScript files with embedded images.

Vulnerability Impact:
Successful exploitation allows the attacker to execute arbitrary code in
the context of the affected application and can cause denial of service.

Affected Software/OS:
Ghostscript version 8.64 and prior on Windows.

Solution:
Upgrade to Ghostscript version 8.71 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-0792
20090417 rPSA-2009-0060-1 ghostscript
http://www.securityfocus.com/archive/1/502757/100/0/threaded
262288
http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
34373
http://secunia.com/advisories/34373
34667
http://secunia.com/advisories/34667
34711
http://secunia.com/advisories/34711
34726
http://secunia.com/advisories/34726
34729
http://secunia.com/advisories/34729
34732
http://secunia.com/advisories/34732
35416
http://secunia.com/advisories/35416
35559
http://secunia.com/advisories/35559
35569
http://secunia.com/advisories/35569
ADV-2009-1708
http://www.vupen.com/english/advisories/2009/1708
FEDORA-2009-3430
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html
FEDORA-2009-3435
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html
FEDORA-2009-3709
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
FEDORA-2009-3710
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
GLSA-201412-17
http://security.gentoo.org/glsa/glsa-201412-17.xml
MDVSA-2009:095
http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
MDVSA-2009:096
http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
RHSA-2009:0420
http://www.redhat.com/support/errata/RHSA-2009-0420.html
RHSA-2009:0421
http://www.redhat.com/support/errata/RHSA-2009-0421.html
SUSE-SR:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
SUSE-SR:2009:011
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
USN-757-1
https://usn.ubuntu.com/757-1/
ghostscript-icc-bo(50381)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50381
http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm
http://wiki.rpath.com/Advisories:rPSA-2009-0060
https://bugzilla.redhat.com/show_bug.cgi?id=491853
oval:org.mitre.oval:def:11207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207
Common Vulnerability Exposure (CVE) ID: CVE-2009-0196
BugTraq ID: 34445
http://www.securityfocus.com/bid/34445
Bugtraq: 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow
http://www.securityfocus.com/archive/1/502586/100/0/threaded
Bugtraq: 20090417 rPSA-2009-0060-1 ghostscript
http://secunia.com/secunia_research/2009-21/
https://bugzilla.redhat.com/attachment.cgi?id=337747
http://osvdb.org/53492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
http://www.securitytracker.com/id?1022029
http://secunia.com/advisories/34292
SuSE Security Announcement: SUSE-SR:2009:009
SuSE Security Announcement: SUSE-SR:2009:011
http://www.vupen.com/english/advisories/2009/0983
Copyright: Copyright (C) 2009 Greenbone AG
