Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 2093-1 (ghostscript)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to ghostscript announced via advisory DSA 2093-1.
Insight
Insight
Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4897 It was discovered a buffer overflow that allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF document containing a long name. CVE-2010-1628 Dan Rosenberg discovered that ghostscript incorrectly handled certain recursive Postscript files. An attacker could execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. For the stable distribution (lenny), these problems have been fixed in version 8.62.dfsg.1-3.2lenny5 For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 8.71~dfsg2-4 We recommend that you upgrade your ghostscript package.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202093-1