Vulnerability Description
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Afpl Ghostscript | 6.0 |
| Artifex | Ghostscript Fonts | 8.11 |
| Artifex | Gpl Ghostscript | <= 8.64 |
Related Weaknesses (CWE)
References
- http://bugs.ghostscript.com/show_bug.cgi?id=690523 (Vendor Advisory)
- http://secunia.com/advisories/40580 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201412-17.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:134
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:135
- http://www.osvdb.org/66277
- http://www.securityfocus.com/bid/41593 (Patch)
- http://www.ubuntu.com/usn/USN-961-1
- https://bugzilla.redhat.com/show_bug.cgi?id=613792
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60380
FAQ
What is CVE-2009-4897?
CVE-2009-4897 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containi...
How severe is CVE-2009-4897?
CVE-2009-4897 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4897?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex Afpl Ghostscript, Artifex Ghostscript Fonts, Artifex Gpl Ghostscript.