
Bug#561717: gs-gpl: open security issues in etch



Package: gs-gpl
Version: 8.54.dfsg.1-5
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ghostscript.  gs-gpl is the source package for
ghostscript in etch.  I have not determined whether the vulnerable code
related to these CVEs is present there, but it is very likely. Please
check and work with the security team to release updates.

CVE-2007-2721[0]:
| The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer
| JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted
| attackers to cause a denial of service (crash) and possibly corrupt
| the heap via malformed image files, as originally demonstrated using
| imagemagick convert.

CVE-2007-6725[1]:
| The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly
| other versions, allows remote attackers to cause a denial of service
| (crash) and possibly execute arbitrary code via a crafted PDF file
| that triggers a buffer underflow in the cf_decode_2d function.

CVE-2008-3520[2]:
| Multiple integer overflows in JasPer 1.900.1 might allow
| context-dependent attackers to have an unknown impact via a crafted
| image file, related to integer multiplication for memory allocation.

CVE-2008-3522[3]:
| Buffer overflow in the jas_stream_printf function in
| libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
| context-dependent attackers to have an unknown impact via vectors
| related to the mif_hdr_put function and use of vsprintf.

CVE-2008-6679[4]:
| Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and
| possibly other versions, allows remote attackers to cause a denial of
| service (ps2pdf crash) and possibly execute arbitrary code via a
| crafted Postscript file.

CVE-2009-0196[5]:
| Heap-based buffer overflow in the big2_decode_symbol_dict function
| (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in
| Ghostscript 8.64, and probably earlier versions, allows remote
| attackers to execute arbitrary code via a PDF file with a JBIG2 symbol
| dictionary segment with a large run length value.

CVE-2009-0792[6]:
| Multiple integer overflows in icc.c in the International Color
| Consortium (ICC) Format library (aka icclib), as used in Ghostscript
| 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and
| earlier, allow context-dependent attackers to cause a denial of
| service (heap-based buffer overflow and application crash) or possibly
| execute arbitrary code by using a device file for a translation
| request that operates on a crafted image file and targets a certain
| "native color space," related to an ICC profile in a (1) PostScript or
| (2) PDF file with embedded images.  NOTE: this issue exists because of
| an incomplete fix for CVE-2009-0583.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721
    http://security-tracker.debian.org/tracker/CVE-2007-2721
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
    http://security-tracker.debian.org/tracker/CVE-2007-6725
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
    http://security-tracker.debian.org/tracker/CVE-2008-3520
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
    http://security-tracker.debian.org/tracker/CVE-2008-3522
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
    http://security-tracker.debian.org/tracker/CVE-2008-6679
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
    http://security-tracker.debian.org/tracker/CVE-2009-0196
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
    http://security-tracker.debian.org/tracker/CVE-2009-0792



