Short Name |
HTTP:GHOSTSCRIPT-ERRPRINTF-BOF
|
Severity |
High
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Ghostscript errprintf Buffer Overflow
|
Release Date |
2012/12/01
|
Update Number |
2207
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
|
HTTP: Ghostscript errprintf Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Ghostscript. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Extended Description
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.
Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. A successful exploit may facilitate the compromise of the affected computer.
Ghostscript 8.64 and 8.70 are affected; other versions may be vulnerable as well.
Affected Products
- Debian Linux 5.0
- Debian Linux 5.0 Alpha
- Debian Linux 5.0 Amd64
- Debian Linux 5.0 Arm
- Debian Linux 5.0 Armel
- Debian Linux 5.0 Hppa
- Debian Linux 5.0 Ia-32
- Debian Linux 5.0 Ia-64
- Debian Linux 5.0 M68k
- Debian Linux 5.0 Mips
- Debian Linux 5.0 Mipsel
- Debian Linux 5.0 Powerpc
- Debian Linux 5.0 S/390
- Debian Linux 5.0 Sparc
- Ghostscript 8.64
- Ghostscript 8.70
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2008.0
- Mandriva Linux Mandrake 2008.0 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2009.1
- Mandriva Linux Mandrake 2009.1 X86 64
- Mandriva Linux Mandrake 2010.0
- Mandriva Linux Mandrake 2010.0 X86 64
- SuSE Linux 11
- SuSE openSUSE 11.0
- SuSE openSUSE 11.1
- SuSE openSUSE 11.2
- SuSE openSUSE 11.3
- SuSE SUSE Linux Enterprise 11
- SuSE SUSE Linux Enterprise 11 SP1
- SuSE SUSE Linux Enterprise Desktop 11
- SuSE SUSE Linux Enterprise Desktop 11 SP1
- SuSE SUSE Linux Enterprise Server 11
- SuSE SUSE Linux Enterprise Server 11 SP1
- Ubuntu Ubuntu Linux 10.04 Amd64
- Ubuntu Ubuntu Linux 10.04 I386
- Ubuntu Ubuntu Linux 10.04 Powerpc
- Ubuntu Ubuntu Linux 10.04 Sparc
- Ubuntu Ubuntu Linux 8.04 LTS Amd64
- Ubuntu Ubuntu Linux 8.04 LTS I386
- Ubuntu Ubuntu Linux 8.04 LTS Lpia
- Ubuntu Ubuntu Linux 8.04 LTS Powerpc
- Ubuntu Ubuntu Linux 8.04 LTS Sparc
- Ubuntu Ubuntu Linux 9.04 Amd64
- Ubuntu Ubuntu Linux 9.04 I386
- Ubuntu Ubuntu Linux 9.04 Lpia
- Ubuntu Ubuntu Linux 9.04 Powerpc
- Ubuntu Ubuntu Linux 9.04 Sparc
- Ubuntu Ubuntu Linux 9.10 Amd64
- Ubuntu Ubuntu Linux 9.10 I386
- Ubuntu Ubuntu Linux 9.10 Lpia
- Ubuntu Ubuntu Linux 9.10 Powerpc
- Ubuntu Ubuntu Linux 9.10 Sparc
References