ghostscript
Page content
- Author: vmiklos
- Vulnerable: 8.61-1
- Unaffected: 8.62-1kalgan1
Chris Evans has reported a vulnerability in Ghostscript, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “zseticcspace()” function in zicc.c. This can be exploited to cause a stack-based buffer overflow via an overly large “Range” array. Successful exploitation allows execution of arbitrary code.
- Bug Tracker URL: http://bugs.frugalware.org/task/2823