CVE-2009-0196

EPSS 12.2%

ghostscript - integer overflows

發布日:2009/4/16修改日:2026/4/28

也稱為:DEBIAN-CVE-2009-0196

描述

Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.

受影響套件(2)

Debian/ghostscriptfrom 0, < 8.64~dfsg-1.1
Debian/ghostscriptfrom 0, < 8.64~dfsg-1+squeeze1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0196