Bug 582300 (CVE-2010-1869) - CVE-2010-1869 ghostscript: PS parser buffer overflow in token scanner
Summary: CVE-2010-1869 ghostscript: PS parser buffer overflow in token scanner
Alias: CVE-2010-1869
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: Embargoed 582308
Reported: 2010-04-14 15:30 UTC by Vincent Danen
Modified: 2023-05-11 14:25 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-05-12 08:06:25 UTC

System: Ghostscript
ID: 690902
Private: 0
Priority: None
Status: None
Summary: None
Last Updated: Never

Description Vincent Danen 2010-04-14 15:30:24 UTC
A buffer overflow vulnerability in Ghostscript's parser function was reported. A specially crafted PostScript file could result in the execution of arbitrary code if opened or printed (i.e. via CUPS). Note that stack protections in the compiler render this into nothing more than a denial of service. This has been corrected in upstream Ghostscript 8.71; at least 8.64 and 8.70 are affected by this issue. Testing of Ghostscript 8.15 shows it does not suffer from this flaw.


Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue.

Comment 1 Vincent Danen 2010-04-14 15:32:23 UTC
This issue does not affect Fedora 11 or higher as they provide Ghostscript 8.71.

This issue does not affect Red Hat Enterprise Linux 5 or earlier due to the older versions of Ghostscript (8.15 and older).

Comment 6 Tomas Hoger 2010-04-15 18:37:25 UTC
Relevant upstream bug and commit should be:

Comment 9 Tomas Hoger 2010-05-12 06:35:11 UTC
Public now via:

Comment 10 Tomas Hoger 2010-05-12 06:36:28 UTC

Not vulnerable.  This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.
