A denial of service flaw was found in Ghostscript's CCITTFax decoding filter. An attacker could create a specially-crafted PDF file which could cause Ghostscript to crash, or, potentially execute arbitrary code, when opened by the victim.
Created attachment 337622 [details] PoC proving presence of the flaw
This issue affects all versions of the ghostscript package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6725 to the following vulnerability: The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cf_decode_2d function.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0421 https://rhn.redhat.com/errata/RHSA-2009-0421.html