CVE-2009-0196
published 2009-04-16CVE-2009-0196: Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | >= 0 < 8.64~dfsg-1.1 | 8.64~dfsg-1.1 |
| artifex | ghostscript | >= 0 < 8.64~dfsg-1.1 | 8.64~dfsg-1.1 |
| artifex | ghostscript | >= 0 < 8.64~dfsg-1.1 | 8.64~dfsg-1.1 |
| artifex | ghostscript | >= 0 < 8.64~dfsg-1.1 | 8.64~dfsg-1.1 |
| debian | ghostscript | < ghostscript 8.64~dfsg-1.1 (bookworm) | ghostscript 8.64~dfsg-1.1 (bookworm) |
| debian | jbig2dec | < ghostscript 8.64~dfsg-1.1 (bookworm) | ghostscript 8.64~dfsg-1.1 (bookworm) |
| ghostscript | ghostscript | <= 8.64 | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
| ghostscript | ghostscript | — | — |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL