CVE-2009-4270

Published: 21/12/2009 Updated: 09/01/2015
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 up to and including 8.70 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

Vulnerable Product

ghostscript ghostscript 8.64

ghostscript ghostscript 8.70

Vendor Advisories

Debian Bug report logs - #562643 CVE-2009-4270: Stack-based buffer overflow in the errprintf function. Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@lists.debian.org>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <iuculano@debian ...

David Srbecky discovered that Ghostscript incorrectly handled debug logging. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.04 and Ubuntu 9.10. The default compiler op ...

Several security issues have been discovered in Ghostscript, a GPL PostScript/PDF interpreter, which might lead to the execution of arbitrary code if a user processes a malformed PDF or Postscript file. For the stable distribution (lenny), these problems have been fixed in version 8.62.dfsg.1-3.2lenny4. For the unstable distribution (sid), these pr ...