Test ID:	1.3.6.1.4.1.25623.1.0.801411
Category:	Buffer overflow
Title:	Ghostscript 'iscan.c' PDF Handling Remote Buffer Overflow Vulnerability
Summary:	Ghostscript is prone to a buffer overflow vulnerability.
Description:	Summary: Ghostscript is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to improper bounds checking by 'iscan.c' when processing malicious 'PDF' files, which leads to open a specially-crafted PDF file. Vulnerability Impact: Successful exploitation allows the attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. Affected Software/OS: Ghostscript version 8.64 and prior Solution: Upgrade to Ghostscript version 8.71 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4897 40580 http://secunia.com/advisories/40580 41593 http://www.securityfocus.com/bid/41593 66277 http://www.osvdb.org/66277 GLSA-201412-17 http://security.gentoo.org/glsa/glsa-201412-17.xml MDVSA-2010:134 http://www.mandriva.com/security/advisories?name=MDVSA-2010:134 MDVSA-2010:135 http://www.mandriva.com/security/advisories?name=MDVSA-2010:135 USN-961-1 http://www.ubuntu.com/usn/USN-961-1 ghostscript-iscan-bo(60380) https://exchange.xforce.ibmcloud.com/vulnerabilities/60380 http://bugs.ghostscript.com/show_bug.cgi?id=690523 https://bugzilla.redhat.com/show_bug.cgi?id=613792
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.