ID de Prueba:	1.3.6.1.4.1.25623.1.0.900542
Categoría:	Buffer overflow
Título:	Ghostscript < 8.71 Multiple Buffer Overflow Vulnerabilities (Linux)
Resumen:	This host is installed with Ghostscript and is prone to; a buffer overflow vulnerability.
Descripción:	Summary: This host is installed with Ghostscript and is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaws are due to: - A boundary error in the jbig2_symbol_dict.c() function in the JBIG2 decoding library (jbig2dec) while decoding JBIG2 symbol dictionary segments. - multiple integer overflows in icc.c in the ICC Format library while processing malformed PDF and PostScript files with embedded images. Vulnerability Impact: Successful exploitation allows an attacker to execute arbitrary code in the context of the affected application and to cause a denial of service. Affected Software/OS: Ghostscript version 8.64 and prior. Solution: Upgrade to Ghostscript version 8.71 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 34445 BugTraq ID: 34184 Common Vulnerability Exposure (CVE) ID: CVE-2009-0792 Bugtraq: 20090417 rPSA-2009-0060-1 ghostscript (Google Search) http://www.securityfocus.com/archive/1/502757/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00211.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00217.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html http://security.gentoo.org/glsa/glsa-201412-17.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:095 http://www.mandriva.com/security/advisories?name=MDVSA-2009:096 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11207 http://www.redhat.com/support/errata/RHSA-2009-0420.html http://www.redhat.com/support/errata/RHSA-2009-0421.html http://secunia.com/advisories/34373 http://secunia.com/advisories/34667 http://secunia.com/advisories/34711 http://secunia.com/advisories/34726 http://secunia.com/advisories/34729 http://secunia.com/advisories/34732 http://secunia.com/advisories/35416 http://secunia.com/advisories/35559 http://secunia.com/advisories/35569 http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1 SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html https://usn.ubuntu.com/757-1/ http://www.vupen.com/english/advisories/2009/1708 XForce ISS Database: ghostscript-icc-bo(50381) https://exchange.xforce.ibmcloud.com/vulnerabilities/50381 Common Vulnerability Exposure (CVE) ID: CVE-2009-0196 http://www.securityfocus.com/bid/34445 Bugtraq: 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/502586/100/0/threaded http://secunia.com/secunia_research/2009-21/ https://bugzilla.redhat.com/attachment.cgi?id=337747 http://osvdb.org/53492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533 http://www.securitytracker.com/id?1022029 http://secunia.com/advisories/34292 http://www.vupen.com/english/advisories/2009/0983
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.