PT-2008-2043 · Artifex+1 · Ghostscript+1

Chris Evans · Published 2008-02-27 · Updated 2024-02-16 · CVE-2008-0411

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Ghostscript versions 8.61 and earlier

Description

A stack-based buffer overflow in the zseticcspace function in zicc.c allows remote attackers to execute arbitrary code via a PostScript (.ps) file containing a long Range array in a .seticcspace operator.

Recommendations

Update Ghostscript to a version later than 8.61 to resolve the issue. As a temporary workaround, consider restricting the use of PostScript files or disabling the zseticcspace function until a patch is available. Avoid using the .seticcspace operator with long Range arrays in PostScript files until the issue is resolved.

Exploit

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2008-0411
DSA-1510-1
RHSA-2008:0155
RHSA-2008_0155

Affected Products

Ghostscript
Red Hat