CVE-2009-4270 - OpenCVE

Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ghostscript	Ghostscript

Configuration 1 [-]

OR	cpe:2.3:a:ghostscript:ghostscript:8.64:::::::*
	cpe:2.3:a:ghostscript:ghostscript:8.70:::::::*

No data.

References

Link	Providers
http://bugs.ghostscript.com/show_bug.cgi?id=690829
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://osvdb.org/61140
http://secunia.com/advisories/37851
http://secunia.com/advisories/40580
http://security.gentoo.org/glsa/glsa-201412-17.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:134
http://www.mandriva.com/security/advisories?name=MDVSA-2010:135
http://www.openwall.com/lists/oss-security/2009/12/18/1
http://www.openwall.com/lists/oss-security/2009/12/18/2
http://www.securityfocus.com/bid/37410
http://www.ubuntu.com/usn/USN-961-1
http://www.vupen.com/english/advisories/2009/3597
https://bugzilla.redhat.com/show_bug.cgi?id=540760

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-12-21T16:00:00

Updated: 2024-08-07T06:54:10.321Z

Reserved: 2009-12-10T00:00:00

Link: CVE-2009-4270

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-12-21T16:30:00.420

Modified: 2015-01-09T23:42:36.547

Link: CVE-2009-4270

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-01-02T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "GLSA-201412-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"}, {"name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"}, {"name": "MDVSA-2010:134", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"}, {"name": "[oss-security] 20091217 possible vulnerability in ghostscript >= 8.64", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"}, {"name": "USN-961-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-961-1"}, {"name": "MDVSA-2010:135", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"}, {"name": "ADV-2009-3597", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3597"}, {"name": "61140", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/61140"}, {"name": "40580", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40580"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"}, {"name": "37851", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37851"}, {"name": "37410", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37410"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:54:10.321Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201412-17", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"}, {"name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"}, {"name": "MDVSA-2010:134", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"}, {"name": "[oss-security] 20091217 possible vulnerability in ghostscript >= 8.64", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"}, {"name": "USN-961-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-961-1"}, {"name": "MDVSA-2010:135", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"}, {"name": "ADV-2009-3597", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3597"}, {"name": "61140", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/61140"}, {"name": "40580", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40580"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"}, {"name": "37851", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37851"}, {"name": "37410", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37410"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4270", "datePublished": "2009-12-21T16:00:00", "dateReserved": "2009-12-10T00:00:00", "dateUpdated": "2024-08-07T06:54:10.321Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.64:*:*:*:*:*:*:*", "matchCriteriaId": "70F9B613-59A2-4B38-AA0D-FF2ED9C30A61", "vulnerable": true}, {"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.70:*:*:*:*:*:*:*", "matchCriteriaId": "51FF58BE-045F-4333-B96A-380B869C76AD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n errprintf en base/gsmisc.c en ghostscript v8.64 hasta v8.70 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y probablemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero PDF modificado, como inicialmente se report\u00f3 por c\u00f3digo de registro de depuraci\u00f3n en gdevcups.c en el controlador de salida CUPS."}], "id": "CVE-2009-4270", "lastModified": "2015-01-09T23:42:36.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-12-21T16:30:00.420", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/61140"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37851"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/40580"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/37410"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-961-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3597"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2009-12-22T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}