PT-2010-1303 · Artifex+3 · Ghostscript+3

Jonathan Brossard · Published 2010-08-26 · Updated 2018-10-10 · CVE-2009-3743

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Ghostscript versions prior to 8.71

Description

The issue is an off-by-one error in the Ins_MINDEX function within the TrueType bytecode interpreter. A malformed TrueType font in a document can trigger the error, leading to an integer overflow and a heap-based buffer overflow. As a result, remote attackers may be able to execute arbitrary code or cause a denial of service through heap memory corruption.

Recommendations

For versions prior to 8.71, update to version 8.71 or later to resolve the issue.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

CESA-2012_0095
CVE-2009-3743
RHSA-2012:0095
RHSA-2012_0095

Affected Products

CentOS
Ghostscript
Red Hat
SUSE