CVE - CVE-2009-0196

CVE-ID
CVE-2009-0196	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:34445 URL:http://www.securityfocus.com/bid/34445 BUGTRAQ:20090409 Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow URL:http://www.securityfocus.com/archive/1/502586/100/0/threaded BUGTRAQ:20090417 rPSA-2009-0060-1 ghostscript URL:http://www.securityfocus.com/archive/1/502757/100/0/threaded CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0060 FEDORA:FEDORA-2009-3709 URL:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00460.html FEDORA:FEDORA-2009-3710 URL:https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00461.html GENTOO:GLSA-201412-17 URL:http://security.gentoo.org/glsa/glsa-201412-17.xml MANDRIVA:MDVSA-2009:095 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:095~~ (Obsolete source) MISC:http://secunia.com/secunia_research/2009-21/ MISC:https://bugzilla.redhat.com/attachment.cgi?id=337747 OSVDB:53492 URL:~~http://osvdb.org/53492~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10533 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10533 REDHAT:RHSA-2009:0421 URL:http://www.redhat.com/support/errata/RHSA-2009-0421.html SECTRACK:1022029 URL:http://www.securitytracker.com/id?1022029 SECUNIA:34292 URL:http://secunia.com/advisories/34292 SECUNIA:34667 URL:http://secunia.com/advisories/34667 SECUNIA:34729 URL:http://secunia.com/advisories/34729 SECUNIA:34732 URL:http://secunia.com/advisories/34732 SECUNIA:35416 URL:http://secunia.com/advisories/35416 SECUNIA:35559 URL:http://secunia.com/advisories/35559 SECUNIA:35569 URL:http://secunia.com/advisories/35569 SUNALERT:262288 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1~~ (Obsolete source) SUSE:SUSE-SR:2009:009 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html SUSE:SUSE-SR:2009:011 URL:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html UBUNTU:USN-757-1 URL:https://usn.ubuntu.com/757-1/ VUPEN:ADV-2009-0983 URL:~~http://www.vupen.com/english/advisories/2009/0983~~ (Obsolete source) VUPEN:ADV-2009-1708 URL:~~http://www.vupen.com/english/advisories/2009/1708~~ (Obsolete source)
Assigning CNA
Flexera Software LLC
Date Record Created
20090120	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090120)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)