CVE-2009-0196
Summary
| CVE | CVE-2009-0196 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-16 15:12:00 UTC |
| Updated | 2018-10-11 21:00:00 UTC |
| Description | Heap-based buffer overflow in the jbig2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ghostscript | Ghostscript | 0 | All | All | All |
| Application | Ghostscript | Ghostscript | 5.50 | All | All | All |
| Application | Ghostscript | Ghostscript | 7.07 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.0.1 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.15 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.15.2 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.54 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.56 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.57 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.60 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.61 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.62 | All | All | All |
| Application | Ghostscript | Ghostscript | 8.63 | All | All | All |
| Application | Ghostscript | Ghostscript | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityTracker: Ghostscript Heap Overflow in jbig2dec Library Lets Remote Users Execute Arbitrary Code | SECTRACK | www.securitytracker.com | |
| Fedora update for ghostscript - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:009 | SUSE | lists.opensuse.org | |
| Gentoo Linux Documentation -- GPL Ghostscript: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| bugzilla.redhat.com/attachment.cgi | MISC | bugzilla.redhat.com | Exploit |
| Sun Solaris Ghostscript Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Webmail \| OVH - OVH | VUPEN | www.vupen.com | |
| Vulnerabilities - Secunia Research - Vulnerability Information - Secunia.com | MISC | secunia.com | Vendor Advisory |
| 53492 | OSVDB | osvdb.org | Exploit |
| Ubuntu update for ghostscript - Advisories - Community | SECUNIA | secunia.com | |
| wiki.rpath.com/Advisories:rPSA-2009-0060 | CONFIRM | wiki.rpath.com | |
| SUSE Update for Multiple Packages - Advisories - Community | SECUNIA | secunia.com | |
| Red Hat update for ghostscript - Advisories - Community | SECUNIA | secunia.com | |
| Support / Security / Advisories / / MDVSA-2009:095 \| Mandriva | MANDRIVA | www.mandriva.com | |
| [SECURITY] Fedora 10 Update: ghostscript-8.63-6.fc10 | FEDORA | www.redhat.com | |
| Sun Solaris 9 Ghostscript Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| USN-757-1: Ghostscript vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Support | REDHAT | www.redhat.com | |
| [SECURITY] Fedora 9 Update: ghostscript-8.63-3.fc9 | FEDORA | www.redhat.com | |
| Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability | BID | www.securityfocus.com | Patch |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| 262288 | SUNALERT | sunsolve.sun.com | |
| Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:011 | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.