Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability

Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. A successful exploit may facilitate the compromise of the affected computer.

Ghostscript 8.64 and 8.70 are affected; other versions may be vulnerable as well.


 

Privacy Statement
Copyright 2010, SecurityFocus