CVE-2009-4270

Publication date 21 December 2009

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
ghostscript 10.04 LTS lucid
Not affected
9.10 karmic
Fixed 8.70.dfsg.1-0ubuntu3.1
9.04 jaunty
Fixed 8.64.dfsg.1-0ubuntu8.1
8.10 intrepid Ignored end of life, was needed
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release
gs-afpl 10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Ignored end of life
gs-esp 10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper
Not affected
gs-gpl 10.04 LTS lucid Not in release
9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Ignored end of life

Notes

mdeslaur

Jaunty and over are a DoS because of FORTIFY_SOURCE dapper and hardy have the vulnerable code in gsmisc.c, but it’s not called from cups_put_params() in gdevcups.c.

References

Related Ubuntu Security Notices (USN)

    • USN-961-1
    • Ghostscript vulnerabilities
    • 13 July 2010

Other references