CVE-2010-1869: Buffer Overflow
First published: Wed Apr 14 2010(Updated: )
A buffer overflow vulnerability in Ghostscript's parser function was reported. A specially crafted postscript file could result in the execution of arbitrary code if opened or printed (i.e. via CUPS). Note that stack protections in the compiler render this into nothing more than a denial of service. This has been corrected in upstream Ghostscript 8.71; at least 8.64 and 8.70 are affected by this issue. Testing of Ghostscript 8.15 shows it does not suffer from this flaw. Acknowledgements: Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ghostscript | =8.64 | |
| Ghostscript | =8.70 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:102
- http://www.vupen.com/english/advisories/2010/1138
- http://secunia.com/advisories/39753
- http://www.vupen.com/english/advisories/2010/1195
- http://www.securitytracker.com/id?1024003
- http://www.securityfocus.com/bid/40103
- http://www.ubuntu.com/usn/USN-961-1
- http://secunia.com/advisories/40580
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://www.securityfocus.com/archive/1/511243/100/0/threaded
- https://www.cve.org/CVERecord?id=CVE-2010-1869 https://nvd.nist.gov/vuln/detail/CVE-2010-1869
- https://bugzilla.redhat.com/show_bug.cgi?id=582300
- https://access.redhat.com/security/cve/CVE-2010-1869
- http://bugs.ghostscript.com/show_bug.cgi?id=690902
- http://code.google.com/p/ghostscript/source/detail?r=10312
Frequently Asked Questions
What is the severity of CVE-2010-1869?
CVE-2010-1869 is considered a high severity vulnerability due to the potential for arbitrary code execution resulting from a buffer overflow.
How do I fix CVE-2010-1869?
To mitigate CVE-2010-1869, update Ghostscript to version 8.71 or later, which addresses this vulnerability.
Which versions of Ghostscript are affected by CVE-2010-1869?
CVE-2010-1869 affects Ghostscript versions 8.64 and 8.70.
What happens if CVE-2010-1869 is exploited?
Exploitation of CVE-2010-1869 could lead to execution of arbitrary code, although in many cases it may result in denial of service due to stack protections.
How is CVE-2010-1869 typically exploited?
CVE-2010-1869 is typically exploited by opening or printing a specially crafted PostScript file.
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2010-1869
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/artifex
- canonical/ghostscript
- version/ghostscript/8.64
- version/ghostscript/8.70