PT-2010-5639 · Debian · Ghostscript
Vincent Danen · Published 1970-01-01 · Updated 2017-08-17
CVE-2009-4897
CVSS v2.0: 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ghostscript versions 8.64 and earlier
Description
The issue concerns multiple vulnerabilities in the Ghostscript package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in the gs/psi/iscan.c file of Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a crafted PDF document containing a long name.
Recommendations
For Ghostscript versions 8.64 and earlier, update to a version later than 8.64 to resolve the issue. As a temporary workaround until a patch is available, restrict the use of Ghostscript to minimize the risk of exploitation, and avoid using it to process untrusted or crafted PDF documents. At the moment, there is no information about other specific mitigation measures for this vulnerability.
Fix
Buffer Overflow
Affected Products
Ghostscript