Summary
This host has Ghostscript installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.
Impact Level: Application
Solution
Upgrade to Ghostscript version 8.71 or later.
For updates, refer to http://www.ghostscript.com/
Insight
The flaw is due to improper bounds checking in 'iscan.c' when processing malicious PDF files, and is triggered by opening a specially crafted PDF file.
Affected
Ghostscript version 8.64 and prior
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-4897
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ALZip MIM File Processing Buffer Overflow Vulnerability
- Cscope putstring Multiple Buffer Overflow vulnerability
- Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability
- BaoFeng Storm '.smpl' File Buffer Overflow Vulnerability
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)