CVE-2010-4054

2010-10-2320:39:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-4054

ghostscript

denial of service

incorrect pointer dereference

application crash

crafted font data

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

76.8%

JSON

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

CPENameOperatorVersion
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.01
artifex:afpl_ghostscriptartifex afpl ghostscripteq7.00
artifex:afpl_ghostscriptartifex afpl ghostscripteq8.54
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.54
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.15
artifex:afpl_ghostscriptartifex afpl ghostscripteq7.04
artifex:afpl_ghostscriptartifex afpl ghostscripteq7.03
artifex:afpl_ghostscriptartifex afpl ghostscripteq8.13
artifex:afpl_ghostscriptartifex afpl ghostscripteq8.50
artifex:gpl_ghostscriptartifex gpl ghostscripteq8.56

CPE	Name	Operator	Version
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.01
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	7.00
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	8.54
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.54
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.15
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	7.04
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	7.03
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	8.13
artifex:afpl_ghostscript	artifex afpl ghostscript	eq	8.50
artifex:gpl_ghostscript	artifex gpl ghostscript	eq	8.56