Vulnerability Details : CVE-2008-6679
Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and possibly other versions, allows remote attackers to cause a denial of service (ps2pdf crash) and possibly execute arbitrary code via a crafted Postscript file.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-6679
Probability of exploitation activity in the next 30 days: 14.67%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-6679
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2008-6679
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-6679
- http://www.securityfocus.com/archive/1/502757/100/0/threaded
-
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 - openSUSE Security Announce - openSUSE Mailing Lists
- http://www.openwall.com/lists/oss-security/2009/04/01/10
- http://www.vupen.com/english/advisories/2009/1708
- https://usn.ubuntu.com/757-1/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10019
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
-
http://bugs.ghostscript.com/show_bug.cgi?id=690211
-
https://bugzilla.redhat.com/show_bug.cgi?id=493445
- http://www.redhat.com/support/errata/RHSA-2009-0421.html
- http://wiki.rpath.com/Advisories:rPSA-2009-0060
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
Products affected by CVE-2008-6679
- cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*