CVE-2009-0196Improper Restriction of Operations within the Bounds of a Memory Buffer in Ghostscript

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources
Severity
9.3CRITICALNVD
EPSS
12.2%
top 6.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex GhostscriptGhostscript
Timeline
PublishedApr 16
Latest updateMay 2

Description

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianartifex/ghostscript< 8.64~dfsg-1.1+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-76p8-fv4q-j2wv: Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict2022-05-02
CVEList
CVE-2009-0196: Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict2009-04-16
OSV
CVE-2009-0196: Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict2009-04-16

📋Vendor Advisories

3
Ubuntu
Ghostscript vulnerabilities2009-04-15
Red Hat
ghostscript: Missing boundary check in Ghostscript's jbig2dec library2009-04-08
Debian
CVE-2009-0196: ghostscript - Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol...2009

💬Community

4
Bugzilla
CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 ghostscript various flaws [F10]2009-04-15
Bugzilla
CVE-2009-0196 CVE-2009-0792 CVE-2009-0583 ghostscript various flaws [Fdevel]2009-04-15
Bugzilla
CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 ghostscript various flaws [F9]2009-04-15
Bugzilla
CVE-2009-0196 ghostscript: Missing boundary check in Ghostscript's jbig2dec library2009-04-01
CVE-2009-0196 — Ghostscript vulnerability | cvebase