Vulnerability Description
Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | GPL Ghostscript | 9.04 |
Related Weaknesses (CWE)
References
- http://bugs.ghostscript.com/show_bug.cgi?id=692856
- http://secunia.com/advisories/47855 (Vendor Advisory)
- http://www.securityfocus.com/bid/52864
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74554
FAQ
What is CVE-2012-4875?
CVE-2012-4875 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a...
How severe is CVE-2012-4875?
CVE-2012-4875 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4875?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex GPL Ghostscript.