Buffer overflow in Artifex Afpl_ghostscript

CVE-2010-4054

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

Vulnerability class: Buffer Overflow

EPSS: 0.027 (83.7th percentile) — read the EPSS interpretation.

Affected products

Artifex Afpl_ghostscript — versions 8.54, 9.0, 8.52
Artifex Ghostscript_fonts — versions 8.11, 6.0
Artifex Gpl_ghostscript — versions 8.60, 8.50, 8.64
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (US Government Resource, x_refsource_CERT-VN, Patch, third-party-advisory)
cve@mitre.org (mailing-list, x_refsource_MLIST, Patch)