CVE-2009-3743

Related Files

Gentoo Linux Security Advisory 201412-17

Posted Dec 15, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-17 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which may allow execution of arbitrary code. Versions prior to 9.10-r2 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-0196, CVE-2009-0792, CVE-2009-3743, CVE-2009-4270, CVE-2009-4897, CVE-2010-1628, CVE-2010-2055, CVE-2010-4054, CVE-2012-4405

SHA-256 | 03c0d395cdc0839362a464bc735af98cdf0e7ea963089096f746c47e2abb27c3

Download | Favorite | View

Red Hat Security Advisory 2012-0095-01

Posted Feb 3, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0095-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. It was found that Ghostscript always tried to read Ghostscript system initialization files from the current working directory before checking other directories, even if a search path that did not contain the current working directory was specified with the "-I" option, or the "-P-" option was used. If a user ran Ghostscript in an attacker-controlled directory containing a system initialization file, it could cause Ghostscript to execute arbitrary PostScript code.

tags | advisory, overflow, arbitrary

systems | linux, redhat

advisories | CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820

SHA-256 | e6888517744a038247ddcec36a31a2483e8893d5f08cc6726fef676d829fd42b

Download | Favorite | View

Ubuntu Security Notice USN-1317-1

Posted Jan 4, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1317-1 - It was discovered that Ghostscript did not correctly handle memory allocation when parsing certain malformed JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. It was discovered that Ghostscript did not correctly handle certain formatting operations when parsing JPEG-2000 images. If a user or automated system were tricked into opening a specially crafted image, an attacker could cause a denial of service and possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2008-3520, CVE-2008-3522, CVE-2009-3743, CVE-2010-4054, CVE-2011-4516, CVE-2011-4517

SHA-256 | 1fcf7293472e791a0923b72c104ac27add330ec563ccfa26ed3174c631ebbd57

Download | Favorite | View

Ghostscript Library Off-By-One, Integer Overflow, Heap Corruption

Posted Nov 26, 2010

Authored by Jonathan Brossard

An off by one in the library libgs.so.8 shipped with Ghostscript in versions 8.70 and below generates an integer overflow, which in turn produces a heap corruption, resulting in a (remote) Denial of Service (crash) in several applications using this library when processing a specially crafted font. This vulnerability cannot be exploited to execute arbitrary code under GNU/Linux x86, to the best of our knowledge. Other targets, in particular Windows have not been tested and may or may not allow execution of arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, x86

systems | linux, windows

advisories | CVE-2009-3743

SHA-256 | 755fd7b7a65fa02c1e386560dc92962392c8ed6130056fd4ed24925a54f7de7c

Download | Favorite | View