Buffer Overflow Vulnerability in Ghostscript Affects Multiple Versions
CVE-2009-4897

Currently unrated

Key Information:

Vendor: Artifex
Status: Gpl Ghostscript; Afpl Ghostscript; Ghostscript Fonts
Vendor: CVE Published:; 22 July 2010

Summary

A buffer overflow vulnerability exists in Ghostscript that can be exploited by remote attackers using specially crafted PDF documents. Specifically, the flaw is located in the 'iscan.c' file and can lead to arbitrary code execution or cause a denial of service due to memory corruption when handling long names within PDF files. This vulnerability poses a significant risk to systems running affected versions of Ghostscript if they process untrusted or malicious PDF content.

References

http://security.gentoo.org/glsa/glsa-201412-17.xml

vendor-advisoryx_refsource_GENTOO

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.osvdb.org/66277

vdb-entryx_refsource_OSVDB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 22, 2010
Vulnerability Reserved
Jun 15, 2010