This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
An integer overflow flaw was found in Ghostscript's TrueType bytecode
interpreter. An attacker could create a specially-crafted PostScript
or PDF file that, when interpreted, could cause Ghostscript to crash
or, potentially, execute arbitrary code. (CVE-2009-3743)
It was found that Ghostscript always tried to read Ghostscript system
initialization files from the current working directory before
checking other directories, even if a search path that did not contain
the current working directory was specified with the '-I' option, or
the '-P-' option was used (to prevent the current working directory
being searched first). If a user ran Ghostscript in an
attacker-controlled directory containing a system initialization file,
it could cause Ghostscript to execute arbitrary PostScript code.
Ghostscript included the current working directory in its library
search path by default. If a user ran Ghostscript without the '-P-'
option in an attacker-controlled directory containing a
specially-crafted PostScript library file, it could cause Ghostscript
to execute arbitrary PostScript code. With this update, Ghostscript no
longer searches the current working directory for library files by
See also :
Run 'yum update ghostscript' to upgrade your system.
Risk factor :
High / CVSS Base Score : 9.3