
CVE-2009-4270

Published: 21 December 2009

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

Priority

Low

Notes

Author: mdeslaur
Note:
Jaunty and over are a DoS because of FORTIFY_SOURCE
dapper and hardy have the vulnerable code in gsmisc.c, but it's
not called from cups_put_params() in gdevcups.c.
