GoogleOSV:DSA-2093-1ghostscript - several vulnerabilities
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Two security issues have been discovered in Ghostscript, the GPL
PostScript/PDF interpreter. The Common Vulnerabilities and Exposures
project identifies the following problems:
- CVE-2009-4897
A buffer overflow was discovered that allows remote attackers to
execute arbitrary code or cause a denial of service via a crafted PDF
document containing a long name. - CVE-2010-1628
Dan Rosenberg discovered that ghostscript incorrectly handled certain
recursive Postscript files. An attacker could execute arbitrary code
via a PostScript file containing unlimited recursive procedure
invocations, which trigger memory corruption in the stack of the
interpreter.
For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny5
For the testing distribution (squeeze) and the unstable distribution (sid),
these problems have been fixed in version 8.71~dfsg2-4
We recommend that you upgrade your ghostscript package.
References
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C