CVE-2012-4875

Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document.  NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
artifexgpl_ghostscript
9.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ghostscript
bullseye
9.53.3~dfsg-7+deb11u7
fixed
bullseye (security)
9.53.3~dfsg-7+deb11u8
fixed
bookworm
10.0.0~dfsg-11+deb12u4
fixed
bookworm (security)
10.0.0~dfsg-11+deb12u5
fixed
sid
10.04.0~dfsg-1
fixed
trixie
10.04.0~dfsg-1
fixed
Common Weakness Enumeration
References
http://bugs.ghostscript.com/show_bug.cgi?id=692856
http://secunia.com/advisories/47855
http://www.securityfocus.com/bid/52864
https://exchange.xforce.ibmcloud.com/vulnerabilities/74554
http://bugs.ghostscript.com/show_bug.cgi?id=692856
http://secunia.com/advisories/47855
http://www.securityfocus.com/bid/52864
https://exchange.xforce.ibmcloud.com/vulnerabilities/74554