CVE-2009-0196
Published Apr 16, 2009
Last updated 6 years ago
Overview
- Description
- Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
- Source
- PSIRT-CNA@flexerasoftware.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06B00D31-6A9C-44C2-AF0F-36F91CADCF04",
"versionEndIncluding": "8.64"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E68242D-465A-443F-9D25-BE57F9080394"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:5.50:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A46BABB2-C49A-4EF4-9FD7-7E80EE7CF55A"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:7.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E63082C3-15B6-4DD8-8818-BFD61B054B08"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9877DC36-5151-43C9-864D-BE7939A0304D"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F9F0F0A-E413-42CC-B67D-434EC6A92543"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.15.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "491F4BDC-33BD-4EA6-A19B-1066BBC9EBFC"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.54:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DA7298B-2552-45DF-AE6B-FC71ACF623E1"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.56:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87A234A3-5FF9-4567-A731-3FFCD1965C60"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.57:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2916811-2ABD-4CC4-829B-AE805BA1BC6F"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.60:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B283683-D924-4C69-87F3-355ECC0DBA4B"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.61:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "265CBC8B-5EF6-4335-B3EC-FF93A1DF8A9B"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.62:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "755FCEC1-E1DD-42BC-9606-17217DB69128"
},
{
"criteria": "cpe:2.3:a:ghostscript:ghostscript:8.63:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8C3057C-9207-4BCD-88D4-625BE0EFAE85"
}
],
"operator": "OR"
}
]
}
]