CVE-2009-4270: Buffer Overflow
First published: Tue Nov 24 2009(Updated: )
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ghostscript Ghostscript | =8.70 | |
| Ghostscript Ghostscript | =8.64 | |
| redhat/8.70 | <2. | 2. |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=540760
- http://www.openwall.com/lists/oss-security/2009/12/18/2
- http://www.vupen.com/english/advisories/2009/3597
- http://bugs.ghostscript.com/show_bug.cgi?id=690829
- http://secunia.com/advisories/37851
- http://www.securityfocus.com/bid/37410
- http://www.openwall.com/lists/oss-security/2009/12/18/1
- http://osvdb.org/61140
- http://www.ubuntu.com/usn/USN-961-1
- http://secunia.com/advisories/40580
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:134
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:135
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://security.gentoo.org/glsa/glsa-201412-17.xml
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373324
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373324&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373325
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373325&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373326
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373326&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373445
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373445&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373446
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373446&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373495&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=373495&action=edit
- https://access.redhat.com/security/cve/CVE-2009-4270
- http://admin.fedoraproject.org/updates/ghostscript-8.70-2.fc11
- http://admin.fedoraproject.org/updates/ghostscript-8.70-2.fc12
- http://admin.fedoraproject.org/updates/F12/FEDORA-2010-0327
- http://admin.fedoraproject.org/updates/F11/FEDORA-2010-0350
- https://www.cve.org/CVERecord?id=CVE-2009-4270 https://nvd.nist.gov/vuln/detail/CVE-2009-4270
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4270.json
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-cve
- source/Red Hat
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- alias/CVE-2009-4270
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/ghostscript
- canonical/ghostscript ghostscript
- version/ghostscript ghostscript/8.70
- version/ghostscript ghostscript/8.64
- package-manager/redhat