CVE-2009-3743

Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://security.gentoo.org/glsa/glsa-201412-17.xml
http://www.kb.cert.org/vuls/id/644319	US Government Resource
http://www.kb.cert.org/vuls/id/JALR-87YGN8	US Government Resource
http://www.securityfocus.com/archive/1/514892/100/0/threaded
http://www.securitytracker.com/id?1024785
https://rhn.redhat.com/errata/RHSA-2012-0095.html
http://security.gentoo.org/glsa/glsa-201412-17.xml
http://www.kb.cert.org/vuls/id/644319	US Government Resource
http://www.kb.cert.org/vuls/id/JALR-87YGN8	US Government Resource
http://www.securityfocus.com/archive/1/514892/100/0/threaded
http://www.securitytracker.com/id?1024785
https://rhn.redhat.com/errata/RHSA-2012-0095.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:artifex:afpl_ghostscript:6.0:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:6.01:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:6.50:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:7.00:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:7.03:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:7.04:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.00:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.11:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.12:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.13:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.14:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.50:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.51:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.52:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.53:::::::*
	cpe:2.3:a:artifex:afpl_ghostscript:8.54:::::::*
	cpe:2.3:a:artifex:ghostscript_fonts:6.0:::::::*
	cpe:2.3:a:artifex:ghostscript_fonts:8.11:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript::::::::
	cpe:2.3:a:artifex:gpl_ghostscript:8.01:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.15:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.50:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.51:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.54:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.56:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.57:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.60:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.61:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.62:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.63:::::::*
	cpe:2.3:a:artifex:gpl_ghostscript:8.64:::::::*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://security.gentoo.org/glsa/glsa-201412-17.xml -~~	() http://security.gentoo.org/glsa/glsa-201412-17.xml -
References	~~() http://www.kb.cert.org/vuls/id/644319 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/644319 - US Government Resource
References	~~() http://www.kb.cert.org/vuls/id/JALR-87YGN8 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/JALR-87YGN8 - US Government Resource
References	~~() http://www.securityfocus.com/archive/1/514892/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/514892/100/0/threaded -
References	~~() http://www.securitytracker.com/id?1024785 -~~	() http://www.securitytracker.com/id?1024785 -
References	~~() https://rhn.redhat.com/errata/RHSA-2012-0095.html -~~	() https://rhn.redhat.com/errata/RHSA-2012-0095.html -

Information

Published : 2010-08-26 21:00

Updated : 2024-11-21 01:08

NVD link : CVE-2009-3743

Mitre link : CVE-2009-3743

CVE.ORG link : CVE-2009-3743

JSON object : View

Products Affected

artifex

ghostscript_fonts
afpl_ghostscript
gpl_ghostscript

CWE

CWE-189

Numeric Errors

9.3 /10