VDB
CVE-2009-4897
CVE-2009-4897
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.
EPSS 8.29% · 92.4th percentile
Risk Scores
CVSS v2.0
9.300000190734863
EPSS Score
8.29%
92.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| artifex | ghostscript_fonts | 8.11 |
| artifex | afpl_ghostscript | 7.03, 7.04, 8.00 |
| artifex | gpl_ghostscript | 0, 8.15, 8.50 |
Timeline
- Jul 22, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 2, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- GLSA-201412-17 vendor-advisory
- MDVSA-2010:134 vendor-advisory
- 66277 vdb
- ghostscript-iscan-bo(60380) vdb
- USN-961-1 vendor-advisory
- MDVSA-2010:135 vendor-advisory
- 40580 third-party-advisory
- 41593 vdb
- http://bugs.ghostscript.com/show_bug.cgi?id=690523 url
- https://bugzilla.redhat.com/show_bug.cgi?id=613792 url
- https://nvd.nist.gov/vuln/detail/CVE-2009-4897 advisory