Strix
26.1K

CVE-2012-4875

UnknownEPSS 4.27%

Last modified

CVE-2012-4875 is a vulnerability of currently unknown severity. Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it. EPSS estimates a 4.27% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it

Metrics

EPSS Probability
4.27%

89.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ArtifexGpl Ghostscript9.04

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-4875?
Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it
How severe is CVE-2012-4875?
Severity scoring for CVE-2012-4875 is pending analysis. The EPSS model estimates a 4.27% probability of exploitation in the next 30 days.
How do I fix CVE-2012-4875?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4875?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST