Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0196

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-0196
Last Modified 06 Jan 2015 09:59:02
Published 16 Apr 2009 11:12:57
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0196

Summary

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

Vulnerable Systems

Application

  • Ghostscript 0

  • Ghostscript 5.50

  • Ghostscript 7.07

  • Ghostscript 8.0.1

  • Ghostscript 8.15

  • Ghostscript 8.15.2

  • Ghostscript 8.54

  • Ghostscript 8.56

  • Ghostscript 8.57

  • Ghostscript 8.60

  • Ghostscript 8.61

  • Ghostscript 8.62

  • Ghostscript 8.63

  • Ghostscript 8.64


References

BID - 34445

FEDORA - FEDORA-2009-3710

FEDORA - FEDORA-2009-3709

MISC - https://bugzilla.redhat.com/attachment.cgi?id=337747

VUPEN - ADV-2009-1708

VUPEN - ADV-2009-0983

UBUNTU - USN-757-1

SECTRACK - 1022029

BUGTRAQ - 20090417 rPSA-2009-0060-1 ghostscript

BUGTRAQ - 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow

REDHAT - RHSA-2009:0421

MANDRIVA - MDVSA-2009:095

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2009-0060

SUNALERT - 262288

MISC - http://secunia.com/secunia_research/2009-21/

SECUNIA - 35569

SECUNIA - 35559

SECUNIA - 35416

SECUNIA - 34732

SECUNIA - 34729

SECUNIA - 34667

SECUNIA - 34292

OSVDB - 53492

SUSE - SUSE-SR:2009:011

SUSE - SUSE-SR:2009:009

GENTOO - GLSA-201412-17

Related Patches

Novell SUSE 2009:6245 ghostscript-fonts-other security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 11:07:26