CVE-2010-4054

Ghostscript - Denial of Service via Crafted Font Data in Compressed Stream

Description

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

References (5)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2012-0095.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201412-17.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0096.html
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/538191

Scores

EPSS 0.0187
EPSS Percentile 83.4%

Details

CWE
CWE-119
Status published
Products (33)
artifex/afpl_ghostscript 6.0
artifex/afpl_ghostscript 6.01
artifex/afpl_ghostscript 6.50
artifex/afpl_ghostscript 7.00
artifex/afpl_ghostscript 7.03
artifex/afpl_ghostscript 7.04
artifex/afpl_ghostscript 8.00
artifex/afpl_ghostscript 8.11
artifex/afpl_ghostscript 8.12
artifex/afpl_ghostscript 8.13
... and 23 more
Published Oct 23, 2010
Tracked Since Feb 18, 2026