Red Hat Bugzilla – Bug 493442
CVE-2007-6725 ghostscript: DoS (crash) in CCITTFax decoding filter
Last modified: 2010-07-13 10:26:13 EDT
A denial of service flaw was found in Ghostscript's CCITTFax decoding filter.
An attacker could create a specially-crafted PDF file which could cause Ghostscript to crash, or, potentially execute arbitrary code, when opened
by the victim.
Created attachment 337622 [details]
PoC proving presence of the flaw
This issue affects all versions of the ghostscript package, as shipped
with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6725 to
the following vulnerability:
The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly
other versions, allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted PDF file
that triggers a buffer underflow in the cf_decode_2d function.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0421 https://rhn.redhat.com/errata/RHSA-2009-0421.html