CVE-2010-1869

Artifex Gpl Ghostscript - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rodrigo Rubira Branco · perllocalbsd

https://www.exploit-db.com/exploits/14406

View Code ZIP pw:eip

References (11)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

[Various Sources] http://www.checkpoint.com/defense/advisories/public/2010/cpai-10-May.html

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2010:102

[Vendor Advisory] http://www.ubuntu.com/usn/USN-961-1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511243/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/40103

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024003

[Third Party Advisory] http://secunia.com/advisories/39753

[Third Party Advisory] http://secunia.com/advisories/40580

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/1138

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/1195

Scores

EPSS 0.2120

EPSS Percentile 95.6%

Classification

CWE

CWE-119

Status draft

Affected Products (2)

artifex/gpl_ghostscript

Timeline

Published May 12, 2010

Tracked Since Feb 18, 2026