CVE-2009-4897
Ghostscript < 8.64 - Remote Code Execution via Crafted PDF Document
Title source: llmDescription
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.
References (10)
Core 10
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201412-17.xml
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:134
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/66277
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60380
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-961-1
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:135
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40580
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41593
Vendor Advisory x_refsource_confirm
http://bugs.ghostscript.com/show_bug.cgi?id=690523
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=613792
Scores
EPSS
0.0829
EPSS Percentile
92.4%
Details
CWE
CWE-119
Status
published
Products (31)
artifex/afpl_ghostscript
6.0
artifex/afpl_ghostscript
6.01
artifex/afpl_ghostscript
6.50
artifex/afpl_ghostscript
7.00
artifex/afpl_ghostscript
7.03
artifex/afpl_ghostscript
7.04
artifex/afpl_ghostscript
8.00
artifex/afpl_ghostscript
8.11
artifex/afpl_ghostscript
8.12
artifex/afpl_ghostscript
8.13
... and 21 more
Published
Jul 22, 2010
Tracked Since
Feb 18, 2026