FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fc1f6658-4f53-11e5-934b-002590263bf5ghostscript -- denial of service (crash) via crafted Postscript files

MITRE reports:

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.


Discovery 2015-06-17
Entry 2015-09-01
Modified 2015-09-02
ghostscript7
ghostscript7-nox11
ghostscript7-base
ghostscript7-x11
< 7.07_32

ghostscript8
ghostscript8-nox11
ghostscript8-base
ghostscript8-x11
< 8.71_19

ghostscript9
ghostscript9-nox11
ghostscript9-base
ghostscript9-x11
< 9.06_11

ghostscript9-agpl
ghostscript9-agpl-nox11
< 9.15_2

ghostscript9-agpl-base
ghostscript9-agpl-x11
< 9.16_2

CVE-2015-3228
http://bugs.ghostscript.com/show_bug.cgi?id=696041
http://bugs.ghostscript.com/show_bug.cgi?id=696070
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
f0f97b94-3f95-11de-a3fd-0030843d3802ghostscript -- buffer overflow vulnerability

SecurityFocus reports:

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.


Discovery 2009-02-03
Entry 2009-05-13
ghostscript8
ghostscript8-nox11
< 8.64

34340
CVE-2008-6679