Summary
This host is installed with Ghostscript and is prone to Buffer Overflow Vulnerability.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the affected application and to cause denial of service.
Impact Level: Application
Solution
Upgrade to Ghostscript version 8.71 or later.
For updates refer to http://ghostscript.com/releases/
Insight
The flaws arise due to
- A boundary error in the jbig2_symbol_dict.c() function in the JBIG2 decoding library (jbig2dec) while decoding JBIG2 symbol dictionary segments.
- multiple integer overflows in icc.c in the ICC Format library while processing malformed PDF and PostScript files with embedded images.
Affected
Ghostscript version 8.64 and prior on Linux.
References
Severity
Classification
-
CVE CVE-2009-0196, CVE-2009-0792 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities