Vulnerability Details : CVE-2007-6725
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2007-6725
- cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6725
- EPSS score: 5.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~93% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-6725
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2007-6725
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6725
- https://bugzilla.redhat.com/show_bug.cgi?id=493442
  493442 – (CVE-2007-6725) CVE-2007-6725 ghostscript: DoS (crash) in CCITTFax decoding filter (tagged: Exploit)
- http://www.redhat.com/support/errata/RHSA-2009-0420.html
  Support
- http://www.securityfocus.com/archive/1/502757/100/0/threaded
- https://bugzilla.redhat.com/show_bug.cgi?id=229174
  229174 – ghostscript dumps core when processing .pdf file (tagged: Exploit)
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 - openSUSE Security Announce - openSUSE Mailing Lists
- http://support.avaya.com/elmodocs2/security/ASA-2009-155.htm
  ASA-2009-155 (RHSA-2009-0420)
- http://www.securityfocus.com/bid/34337
- http://www.openwall.com/lists/oss-security/2009/04/01/10
  oss-security - CVE request -- ghostscript
- http://www.vupen.com/english/advisories/2009/1708
- https://usn.ubuntu.com/757-1/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:096
  Mandriva
- http://www.mail-archive.com/fedora-package-announce@redhat.com/msg11830.html
- http://www.redhat.com/support/errata/RHSA-2009-0421.html
  Support
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9507
- http://wiki.rpath.com/Advisories:rPSA-2009-0060
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:095
  Mandriva