From secunia security advisory at $URL: Description Andrei Costin has discovered a vulnerability in Ghostscript, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing the "OutputFile" device parameter and can be exploited to cause a heap-based buffer overflow via an overly long filename string in a PostScript document. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 9.04 running on Windows. Other versions may also be affected. Solution Update to version 9.05.
@printing, is reproducible on Linux?
Seems like only Secunia and the original reporter know how to trigger this. Ghostscript upstream closed the bug as invalid because they could not reproduce it and noone provided the required information even after poking.
Thanks, everyone. I am resolving this as INVALID. Please reopen if we see updated or more complete information that indicates we're affected.
CVE-2012-4875 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4875): ** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.
