thr3ads.net - Secure testing team - [Secure-testing-team] Bug#584516: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code [Jun 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Jun-04 08:40 UTC

[Secure-testing-team] Bug#584516: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code

Package: ghostscript
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ghostscript.

CVE-2010-1628[0]:
| Ghostscript 8.64, 8.70, and possibly other versions allows
| context-dependent attackers to execute arbitrary code via a PostScript
| file containing unlimited recursive procedure invocations, which
| trigger memory corruption in the stack of the interpreter.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1628
    http://security-tracker.debian.org/tracker/CVE-2010-1628


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwIu/0ACgkQNxpp46476aqSZwCgiYQSz4A8fTVRECgr8yK/+iot
FmwAnAwm+dN/IMETZLh76xRufiD6Z/xS
=+7ZU
-----END PGP SIGNATURE-----

Secure testing team - Jun 2010 - Bug#584516: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code

[Secure-testing-team] Bug#584516: CVE-2010-1628: allows context-dependent attackers to execute arbitrary code