CVE-2010-1628Improper Restriction of Operations within the Bounds of a Memory Buffer in GPL Ghostscript

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
9.3CRITICALNVD
EPSS
5.1%
top 10.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex GhostscriptArtifex GPL Ghostscript
Timeline
PublishedMay 19
Latest updateMay 14

Description

Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianartifex/ghostscript< 8.71~dfsg2-4+3
NVDartifex/gpl_ghostscript8.64, 8.70+1

🔴Vulnerability Details

3
GHSA
GHSA-67rg-j83g-ppg2: Ghostscript 82022-05-14
OSV
CVE-2010-1628: Ghostscript 82010-05-19
CVEList
CVE-2010-1628: Ghostscript 82010-05-19

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2010-07-13
Red Hat
ghostscript: internal stack overflow due to recursive calls2010-05-11
Debian
CVE-2010-1628: ghostscript - Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent att...2010

💬Community

2
Bugzilla
CVE-2010-1628 ghostscript: internal stack overflow due to recursive calls [fedora-all]2010-07-15
Bugzilla
CVE-2010-1628 ghostscript: internal stack overflow due to recursive calls2010-05-14
CVE-2010-1628 — Artifex GPL Ghostscript vulnerability | cvebase