Buffer Overflow Vulnerability in Ghostscript Affects Multiple Versions
CVE-2009-4897

Currently unrated

Key Information:

Vendor

Artifex
Status
Gpl Ghostscript
Afpl Ghostscript
Ghostscript Fonts
Vendor
CVE Published:
22 July 2010

What is CVE-2009-4897?

A buffer overflow vulnerability exists in Ghostscript that can be exploited by remote attackers using specially crafted PDF documents. Specifically, the flaw is located in the 'iscan.c' file and can lead to arbitrary code execution or cause a denial of service due to memory corruption when handling long names within PDF files. This vulnerability poses a significant risk to systems running affected versions of Ghostscript if they process untrusted or malicious PDF content.

References

http://security.gentoo.org/glsa/glsa-201412-17.xml
vendor-advisoryx_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
http://www.osvdb.org/66277
vdb-entryx_refsource_OSVDB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.