CVE-2010-1869: Buffer Overflow
First published: Wed Apr 14 2010(Updated: )
A buffer overflow vulnerability in Ghostscript's parser function was reported. A specially crafted postscript file could result in the execution of arbitrary code if opened or printed (i.e. via CUPS). Note that stack protections in the compiler render this into nothing more than a denial of service. This has been corrected in upstream Ghostscript 8.71; at least 8.64 and 8.70 are affected by this issue. Testing of Ghostscript 8.15 shows it does not suffer from this flaw. Acknowledgements: Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex Gpl Ghostscript | =8.64 | |
| Artifex Gpl Ghostscript | =8.70 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:102
- http://www.vupen.com/english/advisories/2010/1138
- http://secunia.com/advisories/39753
- http://www.vupen.com/english/advisories/2010/1195
- http://www.securitytracker.com/id?1024003
- http://www.securityfocus.com/bid/40103
- http://www.ubuntu.com/usn/USN-961-1
- http://secunia.com/advisories/40580
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://www.securityfocus.com/archive/1/511243/100/0/threaded
- https://www.cve.org/CVERecord?id=CVE-2010-1869 https://nvd.nist.gov/vuln/detail/CVE-2010-1869
- https://bugzilla.redhat.com/show_bug.cgi?id=582300
- https://access.redhat.com/security/cve/CVE-2010-1869
- http://bugs.ghostscript.com/show_bug.cgi?id=690902
- http://code.google.com/p/ghostscript/source/detail?r=10312
- collector/nvd-historical
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2010-1869
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/artifex
- canonical/artifex gpl ghostscript
- version/artifex gpl ghostscript/8.64
- version/artifex gpl ghostscript/8.70