CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence: High
EPSS
Percentile: 95.7%
Heap-based buffer overflow in the jbig2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
Vendor | Product | Version | CPE |
---|---|---|---|
ghostscript | ghostscript | 8.15 | cpe:/a:ghostscript:ghostscript:8.15::: |
ghostscript | ghostscript | | cpe:/a:ghostscript:ghostscript:::: |
ghostscript | ghostscript | 0 | cpe:/a:ghostscript:ghostscript:0::: |
ghostscript | ghostscript | 8.54 | cpe:/a:ghostscript:ghostscript:8.54::: |
ghostscript | ghostscript | 8.57 | cpe:/a:ghostscript:ghostscript:8.57::: |
ghostscript | ghostscript | 8.0.1 | cpe:/a:ghostscript:ghostscript:8.0.1::: |
ghostscript | ghostscript | 8.62 | cpe:/a:ghostscript:ghostscript:8.62::: |
ghostscript | ghostscript | 8.15.2 | cpe:/a:ghostscript:ghostscript:8.15.2::: |
ghostscript | ghostscript | 8.63 | cpe:/a:ghostscript:ghostscript:8.63::: |
ghostscript | ghostscript | 8.61 | cpe:/a:ghostscript:ghostscript:8.61::: |
lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
osvdb.org/53492
secunia.com/advisories/34292
secunia.com/advisories/34667
secunia.com/advisories/34729
secunia.com/advisories/34732
secunia.com/advisories/35416
secunia.com/advisories/35559
secunia.com/advisories/35569
secunia.com/secunia_research/2009-21/
security.gentoo.org/glsa/glsa-201412-17.xml
sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1
wiki.rpath.com/Advisories:rPSA-2009-0060
www.mandriva.com/security/advisories?name=MDVSA-2009:095
www.redhat.com/support/errata/RHSA-2009-0421.html
www.securityfocus.com/archive/1/502586/100/0/threaded
www.securityfocus.com/archive/1/502757/100/0/threaded
www.securityfocus.com/bid/34445
www.securitytracker.com/id?1022029
www.vupen.com/english/advisories/2009/0983
www.vupen.com/english/advisories/2009/1708
bugzilla.redhat.com/attachment.cgi?id=337747
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533
usn.ubuntu.com/757-1/
www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html
www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html