FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fc1f6658-4f53-11e5-934b-002590263bf5ghostscript -- denial of service (crash) via crafted Postscript files

MITRE reports:

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.


Discovery 2015-06-17
Entry 2015-09-01
Modified 2015-09-02
ghostscript7
ghostscript7-nox11
ghostscript7-base
ghostscript7-x11
lt 7.07_32

ghostscript8
ghostscript8-nox11
ghostscript8-base
ghostscript8-x11
lt 8.71_19

ghostscript9
ghostscript9-nox11
ghostscript9-base
ghostscript9-x11
lt 9.06_11

ghostscript9-agpl
ghostscript9-agpl-nox11
lt 9.15_2

ghostscript9-agpl-base
ghostscript9-agpl-x11
lt 9.16_2

CVE-2015-3228
http://bugs.ghostscript.com/show_bug.cgi?id=696041
http://bugs.ghostscript.com/show_bug.cgi?id=696070
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
f0f97b94-3f95-11de-a3fd-0030843d3802ghostscript -- buffer overflow vulnerability

SecurityFocus reports:

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.


Discovery 2009-02-03
Entry 2009-05-13
ghostscript8
ghostscript8-nox11
lt 8.64

34340
CVE-2008-6679