Your submission was sent successfully! Close

CVE-2009-4270

Published: 21 December 2009

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

Priority

Low

Status

Package Release Status
ghostscript
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

intrepid Needed
(reached end-of-life)
jaunty
Released (8.64.dfsg.1-0ubuntu8.1)
karmic
Released (8.70.dfsg.1-0ubuntu3.1)
lucid Not vulnerable
(8.71.dfsg.1-0ubuntu5.1)
upstream
Released (8.71)
gs-afpl
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

upstream Needed

gs-esp
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

upstream Needed

gs-gpl
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

upstream Needed

Notes

AuthorNote
mdeslaur
Jaunty and over are a DoS because of FORTIFY_SOURCE
dapper and hardy have the vulnerable code in gsmisc.c, but it's
not called from cups_put_params() in gdevcups.c.

References

Bugs