Memory Corruption Flaw in Ghostscript Products by Artifex Software
CVE-2010-1628

Currently unrated

Key Information:

Vendor: Artifex
Status: Gpl Ghostscript
Vendor: CVE Published:; 19 May 2010

What is CVE-2010-1628?

Ghostscript versions 8.64 and 8.70 are susceptible to a vulnerability that allows an attacker to execute arbitrary code through specially crafted PostScript files. This can occur due to unlimited recursive procedure invocations, which can cause memory corruption in the stack during execution. Attackers can leverage this flaw for potential remote exploitation, making it critical for users and administrators to apply appropriate security measures and software updates.

References

http://secunia.com/advisories/39753

third-party-advisoryx_refsource_SECUNIA

http://seclists.org/fulldisclosure/2010/May/134

mailing-listx_refsource_FULLDISC

http://security.gentoo.org/glsa/glsa-201412-17.xml

vendor-advisoryx_refsource_GENTOO

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2010
Vulnerability Reserved
Apr 29, 2010