CVE-2008-0411
gs-esp gs-gpl - arbitrary code execution
EPSS 15.3%
Description
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.
How to fix CVE-2008-0411
To remediate CVE-2008-0411, upgrade the affected package to a fixed version below.
- Debian/ghostscript—upgrade to 8.61.dfsg.1-1.1 or later
- Debian/gs-esp—upgrade to 7.07.1-9sarge1 or later
- Debian/gs-gpl—upgrade to 8.01-6 or later
Is CVE-2008-0411 being exploited?
Moderate — EPSS is 15.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 8.61.dfsg.1-1.1
- from 0, < 7.07.1-9sarge1
- from 0, < 8.01-6