Ghostscript 'iscan.c' PDF Handling Remote Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Ghostscript and is prone to buffer overflow vulnerability.

Impact

Successful exploitation allows the attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. Impact Level: Application

Solution

Upgrade to Ghostscript version 8.71 or later, For updates refer to http://www.ghostscript.com/

Insight

The flaw is due to improper bounds checking by 'iscan.c' when processing malicious 'PDF' files, which leads to open a specially-crafted PDF file.

Affected

Ghostscript version 8.64 and prior

References

http://secunia.com/advisories/40580
http://xforce.iss.net/xforce/xfdb/60380

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4897

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BaoFeng Storm '.smpl' File Buffer Overflow Vulnerability
CursorArts ZipWrangler 'ZIP Processing' Buffer Overflow Vulnerability
Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
Bopup Communication Server Remote Buffer Overflow Vulnerability
Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities