PRIOn knowledge basePRION:CVE-2009-4270

HistoryDec 21, 2009 - 4:30 p.m.

Stack overflow

2009-12-2116:30:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

89.5%

JSON

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

CPENameOperatorVersion
ghostscripteq8.70
ghostscripteq8.64

CPE	Name	Operator	Version
	ghostscript	eq	8.70
	ghostscript	eq	8.64

References

bugs.ghostscript.com/show_bug.cgi?id=690829

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

osvdb.org/61140

secunia.com/advisories/37851

secunia.com/advisories/40580

security.gentoo.org/glsa/glsa-201412-17.xml

www.mandriva.com/security/advisories?name=MDVSA-2010:134

www.mandriva.com/security/advisories?name=MDVSA-2010:135

www.openwall.com/lists/oss-security/2009/12/18/1

www.openwall.com/lists/oss-security/2009/12/18/2

www.securityfocus.com/bid/37410

www.ubuntu.com/usn/USN-961-1

www.vupen.com/english/advisories/2009/3597

bugzilla.redhat.com/show_bug.cgi?id=540760

8.2 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for PRION:CVE-2009-4270