Buffer overflow in Artifex Gpl_ghostscript

CVE-2012-4875

Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 2012…

Vulnerability class: Buffer Overflow

EPSS: 0.043 (89.8th percentile) — read the EPSS interpretation.

Affected products

Artifex Gpl_ghostscript — versions 9.04
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)