Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1869Improper Restriction of Operations within the Bounds of a Memory Buffer in GPL Ghostscript

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents9 sources
Severity
9.3CRITICALNVD
EPSS
21.2%
top 4.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Artifex GhostscriptArtifex GPL Ghostscript
Timeline
PublishedMay 12
Latest updateMay 14

Description

Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianartifex/ghostscript< 8.71~dfsg-4+3
NVDartifex/gpl_ghostscript8.64, 8.70+1

🔴Vulnerability Details

3
GHSA
GHSA-gpcm-hmx8-j7h9: Stack-based buffer overflow in the parser function in GhostScript 82022-05-14
CVEList
CVE-2010-1869: Stack-based buffer overflow in the parser function in GhostScript 82010-05-12
OSV
CVE-2010-1869: Stack-based buffer overflow in the parser function in GhostScript 82010-05-12

💥Exploits & PoCs

1
Exploit-DB
Ghostscript - '.PostScript' File Stack Overflow2010-07-18

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2010-07-13
Red Hat
ghostscript: PS parser buffer overflow in token scanner2010-05-11
Debian
CVE-2010-1869: ghostscript - Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 ...2010

💬Community

2
Bugzilla
CVE-2009-4897 ghostscript: long name buffer overflow (GS 8.64)2010-07-12
Bugzilla
CVE-2010-1869 ghostscript: PS parser buffer overflow in token scanner2010-04-14
CVE-2010-1869 — Artifex GPL Ghostscript vulnerability | cvebase