Published: 19/05/2010 Updated: 10/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent malicious users to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex gpl ghostscript 8.64
artifex gpl ghostscript 8.70

Debian Bug report logs - #584516 CVE-2010-1628: allows context-dependent attackers to execute arbitrary code Package: ghostscript; Maintainer for ghostscript is Debian Printing Team <debian-printing@listsdebianorg>; Source for ghostscript is src:ghostscript (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <iuculano@ ...

David Srbecky discovered that Ghostscript incorrectly handled debug logging If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program This issue only affected Ubuntu 904 and Ubuntu 910 The default compiler op ...

CWE-119 http://secunia.com/advisories/39753 http://www.openwall.com/lists/oss-security/2010/05/18/7 http://seclists.org/fulldisclosure/2010/May/134 http://bugs.ghostscript.com/show_bug.cgi?id=691295 http://www.securityfocus.com/bid/40107 http://www.openwall.com/lists/oss-security/2010/05/12/1 https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009 http://www.vupen.com/english/advisories/2010/1138 http://secunia.com/advisories/40580 http://www.ubuntu.com/usn/USN-961-1 http://www.mandriva.com/security/advisories?name=MDVSA-2010:134 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://security.gentoo.org/glsa/glsa-201412-17.xml http://www.securityfocus.com/archive/1/511243/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584516 https://usn.ubuntu.com/961-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1628

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect