CVE-2009-4897

2010-07-2205:40:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-4897

buffer overflow

ghostscript

pdf

remote code execution

memory corruption

vulnerability

nvd

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.77 High

EPSS

Percentile

98.2%

JSON

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

CPENameOperatorVersion
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.01
artifex:afpl_ghostscriptartifex afpl ghostscripteq7.00
artifex:afpl_ghostscriptartifex afpl ghostscripteq8.54
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.54
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.15
artifex:afpl_ghostscriptartifex afpl ghostscripteq7.04
artifex:afpl_ghostscriptartifex afpl ghostscripteq7.03
artifex:afpl_ghostscriptartifex afpl ghostscripteq8.13
artifex:afpl_ghostscriptartifex afpl ghostscripteq8.50
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.56

CPE	Name	Operator	Version
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.01
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	7.00
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	8.54
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.54
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.15
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	7.04
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	7.03
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	8.13
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	8.50
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.56