CVE-2009-3743 — Integer Overflow or Wraparound in GPL Ghostscript

CWE-189 CWE-190 — Integer Overflow or Wraparound10 documents8 sources

Severity

9.3CRITICALNVD

EPSS

3.9%

top 11.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Ghostscript Artifex GPL Ghostscript Artifex Afpl Ghostscript +1 more

Timeline

PublishedAug 26

Latest updateMay 2

Description

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDartifex/ghostscript_fonts6.0, 8.11+1

▶Debianartifex/ghostscript< 8.71~dfsg-1+3

▶NVDartifex/gpl_ghostscript8.70+12

▶NVDartifex/afpl_ghostscript16 versions+15

🔴Vulnerability Details

GHSA

GHSA-3p47-jqhp-gxp9: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8↗2022-05-02

▶

OSV

CVE-2009-3743: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8↗2010-08-26

▶

CVEList

CVE-2009-3743: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8↗2010-08-26

▶

📋Vendor Advisories

Ubuntu

Ghostscript vulnerabilities↗2012-01-04

▶

Red Hat

ghostscript: TrueType bytecode intepreter integer overflow or wraparound↗2010-08-24

▶

Debian

CVE-2009-3743: ghostscript - Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter...↗2009

▶

💬Community

Bugzilla

CVE-2010-2055 CVE-2009-3743 ghostscript various flaws [fedora-all]↗2011-11-22

▶

Bugzilla

CVE-2009-3743 ghostscript: TrueType bytecode intepreter integer overflow or wraparound↗2010-08-27

▶