Computer Security

CVE-2009-0196
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CVECVE-2009-0196
StatusUNKNOWN
DescriptionHeap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
SeverityHigh
CVSS score9,3
CVSS vector(AV:N/AC:M/Au:N/C:C/I:C/A:C)
PhaseASSIGNED (21.08.2010)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0196
ReferencesBID : 34445
 BUGTRAQ : 20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow
 BUGTRAQ : 20090417 rPSA-2009-0060-1 ghostscript
 CONFIRM : http://wiki.rpath.com/Advisories:rPSA-2009-0060
 FEDORA : FEDORA-2009-3709
 FEDORA : FEDORA-2009-3710
 MANDRIVA : MDVSA-2009:095
 MISC : http://secunia.com/secunia_research/2009-21/
 MISC : https://bugzilla.redhat.com/attachment.cgi?id=337747
 OSVDB : 53492
 OVAL : oval:org.mitre.oval:def:10533
 REDHAT : RHSA-2009:0421
 SECTRACK : 1022029
 SECUNIA : 34292
 SECUNIA : 34667
 SECUNIA : 34729
 SECUNIA : 34732
 SECUNIA : 35416
 SECUNIA : 35559
 SECUNIA : 35569
 SUNALERT : 262288
 SUSE : SUSE-SR:2009:009
 SUSE : SUSE-SR:2009:011
 UBUNTU : USN-757-1
 VUPEN : ADV-2009-0983
 VUPEN : ADV-2009-1708
SecurityVulns:Ghsotscript / XPDF / CUPS pdftops buffer overflow
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server