CVE Vulnerabilities

CVE-2009-3743

Published: Aug 26, 2010 | Modified: Oct 10, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

Affected Software

Name Vendor Start Version End Version
Afpl_ghostscript Artifex 6.0 6.0
Afpl_ghostscript Artifex 6.01 6.01
Afpl_ghostscript Artifex 6.50 6.50
Afpl_ghostscript Artifex 7.00 7.00
Afpl_ghostscript Artifex 7.03 7.03
Afpl_ghostscript Artifex 7.04 7.04
Afpl_ghostscript Artifex 8.00 8.00
Afpl_ghostscript Artifex 8.11 8.11
Afpl_ghostscript Artifex 8.12 8.12
Afpl_ghostscript Artifex 8.13 8.13
Afpl_ghostscript Artifex 8.14 8.14
Afpl_ghostscript Artifex 8.50 8.50
Afpl_ghostscript Artifex 8.51 8.51
Afpl_ghostscript Artifex 8.52 8.52
Afpl_ghostscript Artifex 8.53 8.53
Afpl_ghostscript Artifex 8.54 8.54
Ghostscript_fonts Artifex 6.0 6.0
Ghostscript_fonts Artifex 8.11 8.11
Gpl_ghostscript Artifex 8.01 8.01
Gpl_ghostscript Artifex 8.15 8.15
Gpl_ghostscript Artifex 8.50 8.50
Gpl_ghostscript Artifex 8.51 8.51
Gpl_ghostscript Artifex 8.54 8.54
Gpl_ghostscript Artifex 8.56 8.56
Gpl_ghostscript Artifex 8.57 8.57
Gpl_ghostscript Artifex 8.60 8.60
Gpl_ghostscript Artifex 8.61 8.61
Gpl_ghostscript Artifex 8.62 8.62
Gpl_ghostscript Artifex 8.63 8.63
Gpl_ghostscript Artifex 8.64 8.64
Gpl_ghostscript Artifex * 8.70
Red Hat Enterprise Linux 5 RedHat ghostscript-0:8.70-6.el5_7.6 *
Red Hat Enterprise Linux 6 RedHat ghostscript-0:8.70-11.el6_2.6 *
Ghostscript Ubuntu hardy *
Ghostscript Ubuntu jaunty *
Ghostscript Ubuntu karmic *
Gs-afpl Ubuntu dapper *
Gs-esp Ubuntu dapper *
Gs-gpl Ubuntu dapper *

References