Artifex Ghostscript Fonts vulnerabilities

CVE-2010-4054 [MEDIUM] CWE-119 CVE-2010-4054: The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.

CVE-2009-3743 [CRITICAL] CWE-189 CVE-2009-3743: Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript befo Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

CVE-2009-4897 [CRITICAL] CWE-119 CVE-2009-4897: Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.

CVE-2010-2055 [HIGH] CWE-17 CVE-2010-2055: Ghostscript 8.71 and earlier reads initialization files from the current working directory, which al Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.