PT-2010-1303 · Artifex+3 · Ghostscript+3

Jonathan Brossard

Published

2010-08-26

Updated

2018-10-10

CVE-2009-3743

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ghostscript versions prior to 8.71

Description The issue is related to an off-by-one error in the Ins MINDEX function within the TrueType bytecode interpreter. This error can be triggered by a malformed TrueType font in a document, leading to an integer overflow and a heap-based buffer overflow. As a result, remote attackers may be able to execute arbitrary code or cause a denial of service due to heap memory corruption.

Recommendations For versions prior to 8.71, update to version 8.71 or later to resolve the issue.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CESA-2012_0095

CVE-2009-3743

RHSA-2012:0095

RHSA-2012_0095

Affected Products

Centos

Ghostscript

Red Hat

Suse

PT-2010-1303 · Artifex+3 · Ghostscript+3

CVE-2009-3743

Weakness Enumeration

Related Identifiers

Affected Products

References · 27