VDB
CVE-2009-0196
CVE-2009-0196
PUBLISHED
Reported by flexera · Published April 16, 2009
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Timeline
- Apr 16, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 3, 2023 EPSS Score
References
- RHSA-2009:0421 vendor-advisoryx_refsource_REDHAT
- 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow mailing-listx_refsource_BUGTRAQ
- FEDORA-2009-3709 vendor-advisoryx_refsource_FEDORA
- GLSA-201412-17 vendor-advisoryx_refsource_GENTOO
- ADV-2009-0983 vdb-entryx_refsource_VUPEN
- 34445 vdb-entryx_refsource_BID
- 262288 vendor-advisoryx_refsource_SUNALERT
- 34292 third-party-advisoryx_refsource_SECUNIA
- 20090417 rPSA-2009-0060-1 ghostscript mailing-listx_refsource_BUGTRAQ
- 34729 third-party-advisoryx_refsource_SECUNIA
- SUSE-SR:2009:011 vendor-advisoryx_refsource_SUSE
- oval:org.mitre.oval:def:10533 vdb-entrysignaturex_refsource_OVAL
- MDVSA-2009:095 vendor-advisoryx_refsource_MANDRIVA
- FEDORA-2009-3710 vendor-advisoryx_refsource_FEDORA
- 34732 third-party-advisoryx_refsource_SECUNIA
- 35569 third-party-advisoryx_refsource_SECUNIA
- ADV-2009-1708 vdb-entryx_refsource_VUPEN
- 1022029 vdb-entryx_refsource_SECTRACK
- 35559 third-party-advisoryx_refsource_SECUNIA
- 35416 third-party-advisoryx_refsource_SECUNIA
…and 7 more