CVE-2009-4897

Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

Published: Jul 22, 2010
Updated: Nov 9, 2025
CVE: CVE-2009-4897
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
artifex / gpl_ghostscript	8.01	8.01.x
artifex / afpl_ghostscript	7.00	7.00.x
artifex / afpl_ghostscript	8.54	8.54.x
artifex / gpl_ghostscript	8.54	8.54.x
artifex / gpl_ghostscript	8.15	8.15.x
artifex / afpl_ghostscript	7.04	7.04.x
artifex / afpl_ghostscript	7.03	7.03.x
artifex / afpl_ghostscript	8.13	8.13.x
artifex / afpl_ghostscript	8.50	8.50.x
artifex / gpl_ghostscript	8.56	8.56.x
artifex / gpl_ghostscript	8.62	8.62.x
artifex / afpl_ghostscript	8.52	8.52.x
artifex / gpl_ghostscript	8.57	8.57.x
artifex / gpl_ghostscript	-	8.64.x
artifex / afpl_ghostscript	8.14	8.14.x
artifex / gpl_ghostscript	8.51	8.51.x
artifex / afpl_ghostscript	8.00	8.00.x
artifex / gpl_ghostscript	8.61	8.61.x
artifex / afpl_ghostscript	8.53	8.53.x
artifex / afpl_ghostscript	6.0	6.0.x
artifex / gpl_ghostscript	8.50	8.50.x
artifex / afpl_ghostscript	6.01	6.01.x
artifex / gpl_ghostscript	8.71	8.71.x
artifex / gpl_ghostscript	8.70	8.70.x
artifex / gpl_ghostscript	8.60	8.60.x
artifex / afpl_ghostscript	8.12	8.12.x
artifex / afpl_ghostscript	8.11	8.11.x
artifex / gpl_ghostscript	8.63	8.63.x
artifex / afpl_ghostscript	8.51	8.51.x
artifex / ghostscript_fonts	8.11	8.11.x
artifex / afpl_ghostscript	6.50	6.50.x

Vulnerability Database

314,452

CVE-2009-4897

Deep Security Visibility Without the Complexity