VDB
CVE-2012-4875
CVE-2012-4875
PUBLISHED
CVSS 9.300000190734863 CRITICAL
** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.
EPSS 9.32% · 92.9th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
9.32%
92.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| artifex | gpl_ghostscript | 9.04 |
Timeline
- Sep 6, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 47855 third-party-advisory
- 52864 vdb
- ghostscript-outputfile-bo(74554) vdb
- http://bugs.ghostscript.com/show_bug.cgi?id=692856 url
- https://nvd.nist.gov/vuln/detail/CVE-2012-4875 advisory