Ghostscript 'iscan.c' PDF Handling Remote Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Ghostscript and is prone to buffer overflow vulnerability.

Impact

Successful exploitation allows the attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. Impact Level: Application

Solution

Upgrade to Ghostscript version 8.71 or later, For updates refer to http://www.ghostscript.com/

Insight

The flaw is due to improper bounds checking by 'iscan.c' when processing malicious 'PDF' files, which leads to open a specially-crafted PDF file.

Affected

Ghostscript version 8.64 and prior

References

http://secunia.com/advisories/40580
http://xforce.iss.net/xforce/xfdb/60380

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4897
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ALZip MIM File Processing Buffer Overflow Vulnerability
Cscope putstring Multiple Buffer Overflow vulnerability
Adobe InDesign 'INDD' File Handling Remote Buffer Overflow Vulnerability
BaoFeng Storm '.smpl' File Buffer Overflow Vulnerability
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)

Take action and discover your vulnerabilities