FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fc1f6658-4f53-11e5-934b-002590263bf5	ghostscript -- denial of service (crash) via crafted Postscript files MITRE reports: Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. Discovery 2015-06-17 Entry 2015-09-01 Modified 2015-09-02 ghostscript7 ghostscript7-nox11 ghostscript7-base ghostscript7-x11 < 7.07_32 ghostscript8 ghostscript8-nox11 ghostscript8-base ghostscript8-x11 < 8.71_19 ghostscript9 ghostscript9-nox11 ghostscript9-base ghostscript9-x11 < 9.06_11 ghostscript9-agpl ghostscript9-agpl-nox11 < 9.15_2 ghostscript9-agpl-base ghostscript9-agpl-x11 < 9.16_2 CVE-2015-3228 http://bugs.ghostscript.com/show_bug.cgi?id=696041 http://bugs.ghostscript.com/show_bug.cgi?id=696070 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
f0f97b94-3f95-11de-a3fd-0030843d3802	ghostscript -- buffer overflow vulnerability SecurityFocus reports: Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers. Discovery 2009-02-03 Entry 2009-05-13 ghostscript8 ghostscript8-nox11 < 8.64 34340 CVE-2008-6679

VuXML ID

Description

fc1f6658-4f53-11e5-934b-002590263bf5

ghostscript -- denial of service (crash) via crafted Postscript files

MITRE reports:

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.

Discovery 2015-06-17
Entry 2015-09-01
Modified 2015-09-02
ghostscript7
ghostscript7-nox11
ghostscript7-base
ghostscript7-x11

< 7.07_32

ghostscript8
ghostscript8-nox11
ghostscript8-base
ghostscript8-x11

< 8.71_19

ghostscript9
ghostscript9-nox11
ghostscript9-base
ghostscript9-x11

< 9.06_11

ghostscript9-agpl
ghostscript9-agpl-nox11

< 9.15_2

ghostscript9-agpl-base
ghostscript9-agpl-x11

< 9.16_2

CVE-2015-3228
http://bugs.ghostscript.com/show_bug.cgi?id=696041
http://bugs.ghostscript.com/show_bug.cgi?id=696070
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859

f0f97b94-3f95-11de-a3fd-0030843d3802

ghostscript -- buffer overflow vulnerability

SecurityFocus reports:

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

Discovery 2009-02-03
Entry 2009-05-13
ghostscript8
ghostscript8-nox11

< 8.64

34340
CVE-2008-6679