CVE-2010-4054: Improper Restriction of Operations within the Bounds of a Memory Buffer in Afpl Ghostscript

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.9% (top 16.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 23; Latest update May 17

Description

The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (4 packages)

NVD: artifex/ghostscript_fonts (6.0, 8.11+1)
Debian: artifex/ghostscript (< 8.71~dfsg-1+3)
NVD: artifex/gpl_ghostscript (14 versions+13)
NVD: artifex/afpl_ghostscript (17 versions+16)

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-v2wp-vq4f-gx8c: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application cra (2022-05-17)
OSV: CVE-2010-4054: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application cra (2010-10-23)
CVEList: CVE-2010-4054: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application cra (2010-10-22)

📋 Vendor Advisories (3)

Ubuntu: Ghostscript vulnerabilities (2012-01-04)
Red Hat: ghostscript: glyph data access improper input validation (2010-01-04)
Debian: CVE-2010-4054: ghostscript - The gs_type2_interpret function in Ghostscript allows remote attackers to cause ... (2010)

💬 Community (2)

Bugzilla: CVE-2010-4054 ghostscript: NULL pointer dereference by processing garbage font data in type1 and type2 font interpreters [fedora-12] (2010-10-28)
Bugzilla: CVE-2010-4054 ghostscript: glyph data access improper input validation (2010-10-24)
CVE-2010-4054 — Artifex Afpl Ghostscript vulnerability | cvebase